4.3

CVE-2013-2423

Warnung
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot.  NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleJre Version1.7.0 Update-
OracleJre Version1.7.0 Updateupdate1
OracleJre Version1.7.0 Updateupdate10
OracleJre Version1.7.0 Updateupdate11
OracleJre Version1.7.0 Updateupdate13
OracleJre Version1.7.0 Updateupdate15
OracleJre Version1.7.0 Updateupdate2
OracleJre Version1.7.0 Updateupdate3
OracleJre Version1.7.0 Updateupdate4
OracleJre Version1.7.0 Updateupdate5
OracleJre Version1.7.0 Updateupdate6
OracleJre Version1.7.0 Updateupdate7
OracleJre Version1.7.0 Updateupdate9
CanonicalUbuntu Linux Version12.10
OpensuseOpensuse Version12.3

25.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Oracle JRE Unspecified Vulnerability

Schwachstelle

Unspecified vulnerability in hotspot for Java Runtime Environment (JRE) allows remote attackers to affect integrity.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 85.33% 0.997
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 3.7 2.2 1.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://security.gentoo.org/glsa/glsa-201406-32.xml
Third Party Advisory
http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
Broken Link
http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0752.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0757.html
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:161
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
Vendor Advisory
http://www.ubuntu.com/usn/USN-1806-1
Third Party Advisory
http://www.us-cert.gov/ncas/alerts/TA13-107A
Third Party Advisory
US Government Resource
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130
Third Party Advisory
http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html
Not Applicable
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f
Patch
http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0
Broken Link
http://www.exploit-db.com/exploits/24976
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=952398
Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700
Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2423
US Government Resource