CVE-2013-2423
LOW | CISA KEV | 3.7
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.
CVE Details
CVSS v3.1 score: 3.7
Severity: LOW
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack vector: NETWORK
Complexity: HIGH
Privileges required: NONE
User interaction: NONE
Published: 4/17/2013
Last modified: 4/22/2026
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Oracle
Product: Java Runtime Environment (JRE)
Vulnerability name: Oracle JRE Unspecified Vulnerability
KEV date added: 2022-05-25
Remediation due date: 2022-06-15
Ransomware use: Unknown
Affected products
canonical:ubuntu_linux, opensuse:opensuse, oracle:jre
Weaknesses (CWE)
CWE-284
References
http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/ (secalert_us@oracle.com)
http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html (secalert_us@oracle.com)
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f (secalert_us@oracle.com)
http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html (secalert_us@oracle.com)
http://rhn.redhat.com/errata/RHSA-2013-0752.html (secalert_us@oracle.com)
http://rhn.redhat.com/errata/RHSA-2013-0757.html (secalert_us@oracle.com)
http://security.gentoo.org/glsa/glsa-201406-32.xml (secalert_us@oracle.com)
http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0 (secalert_us@oracle.com)
http://www.exploit-db.com/exploits/24976 (secalert_us@oracle.com)
http://www.mandriva.com/security/advisories?name=MDVSA-2013:161 (secalert_us@oracle.com)
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html (secalert_us@oracle.com)
http://www.ubuntu.com/usn/USN-1806-1 (secalert_us@oracle.com)
http://www.us-cert.gov/ncas/alerts/TA13-107A (secalert_us@oracle.com)
https://bugzilla.redhat.com/show_bug.cgi?id=952398 (secalert_us@oracle.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700 (secalert_us@oracle.com)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130 (secalert_us@oracle.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2423 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.