← Voltar para CVEs
CVE-2013-0431
MEDIUMCISA KEV5.3
Descricao
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.
Detalhes CVE
Pontuacao CVSS v3.15.3
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado1/31/2013
Ultima modificacao4/21/2026
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorOracle
ProdutoJava Runtime Environment (JRE)
Nome da vulnerabilidadeOracle JRE Sandbox Bypass Vulnerability
Data inclusao KEV2022-05-25
Prazo de remediacao2022-06-15
Uso em ransomwareKnown
Produtos afetados
oracle:jreoracle:openjdk
Fraquezas (CWE)
CWE-693
Referencias
http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/(secalert_us@oracle.com)
http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53(secalert_us@oracle.com)
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html(secalert_us@oracle.com)
http://marc.info/?l=bugtraq&m=136439120408139&w=2(secalert_us@oracle.com)
http://marc.info/?l=bugtraq&m=136733161405818&w=2(secalert_us@oracle.com)
http://rhn.redhat.com/errata/RHSA-2013-0237.html(secalert_us@oracle.com)
http://rhn.redhat.com/errata/RHSA-2013-0247.html(secalert_us@oracle.com)
http://seclists.org/fulldisclosure/2013/Jan/142(secalert_us@oracle.com)
http://seclists.org/fulldisclosure/2013/Jan/195(secalert_us@oracle.com)
http://security.gentoo.org/glsa/glsa-201406-32.xml(secalert_us@oracle.com)
http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717(secalert_us@oracle.com)
http://www.kb.cert.org/vuls/id/858729(secalert_us@oracle.com)
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095(secalert_us@oracle.com)
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html(secalert_us@oracle.com)
http://www.securityfocus.com/archive/1/525387/30/0/threaded(secalert_us@oracle.com)
http://www.us-cert.gov/cas/techalerts/TA13-032A.html(secalert_us@oracle.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579(secalert_us@oracle.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418(secalert_us@oracle.com)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056(secalert_us@oracle.com)
http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/(af854a3a-2127-422b-91ae-364da2661108)
http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html(af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=136439120408139&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=136733161405818&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0237.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0247.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2013/Jan/142(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2013/Jan/195(af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-201406-32.xml(af854a3a-2127-422b-91ae-364da2661108)
http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/858729(af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095(af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/525387/30/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA13-032A.html(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418(af854a3a-2127-422b-91ae-364da2661108)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0431(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.