5.3
CVE-2013-0431
- EPSS 89.99%
- Veröffentlicht 31.01.2013 14:55:01
- Zuletzt bearbeitet 21.04.2026 19:02:12
- Quelle secalert_us@oracle.com
- CVE-Watchlists
- Unerledigt
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
25.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Oracle JRE Sandbox Bypass Vulnerability
SchwachstelleUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 89.99% | 0.998 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-693 Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/
http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html
http://marc.info/?l=bugtraq&m=136439120408139&w=2
http://marc.info/?l=bugtraq&m=136733161405818&w=2
http://rhn.redhat.com/errata/RHSA-2013-0237.html
http://rhn.redhat.com/errata/RHSA-2013-0247.html
http://seclists.org/fulldisclosure/2013/Jan/142
http://seclists.org/fulldisclosure/2013/Jan/195
http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717
http://www.kb.cert.org/vuls/id/858729
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
http://www.securityfocus.com/archive/1/525387/30/0/threaded
http://www.us-cert.gov/cas/techalerts/TA13-032A.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0431