← Voltar para CVEs

CVE-2013-2423

LOWCISA KEV

3.7

Descricao

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.

Detalhes CVE

Pontuacao CVSS v3.13.7

SeveridadeLOW

Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Vetor de ataqueNETWORK

ComplexidadeHIGH

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado4/17/2013

Ultima modificacao4/22/2026

Fontekev

Avistamentos honeypot0

CISA KEV

FornecedorOracle

ProdutoJava Runtime Environment (JRE)

Nome da vulnerabilidadeOracle JRE Unspecified Vulnerability

Data inclusao KEV2022-05-25

Prazo de remediacao2022-06-15

Uso em ransomwareUnknown

Produtos afetados

canonical:ubuntu_linuxopensuse:opensuseoracle:jre

Fraquezas (CWE)

CWE-284

Referencias

http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/(secalert_us@oracle.com)

http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html(secalert_us@oracle.com)

http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f(secalert_us@oracle.com)

http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html(secalert_us@oracle.com)

http://rhn.redhat.com/errata/RHSA-2013-0752.html(secalert_us@oracle.com)

http://rhn.redhat.com/errata/RHSA-2013-0757.html(secalert_us@oracle.com)

http://security.gentoo.org/glsa/glsa-201406-32.xml(secalert_us@oracle.com)

http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0(secalert_us@oracle.com)

http://www.exploit-db.com/exploits/24976(secalert_us@oracle.com)

http://www.mandriva.com/security/advisories?name=MDVSA-2013:161(secalert_us@oracle.com)

http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html(secalert_us@oracle.com)

http://www.ubuntu.com/usn/USN-1806-1(secalert_us@oracle.com)

http://www.us-cert.gov/ncas/alerts/TA13-107A(secalert_us@oracle.com)

https://bugzilla.redhat.com/show_bug.cgi?id=952398(secalert_us@oracle.com)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700(secalert_us@oracle.com)

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130(secalert_us@oracle.com)

http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/(af854a3a-2127-422b-91ae-364da2661108)

http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html(af854a3a-2127-422b-91ae-364da2661108)

http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html(af854a3a-2127-422b-91ae-364da2661108)

http://rhn.redhat.com/errata/RHSA-2013-0752.html(af854a3a-2127-422b-91ae-364da2661108)

http://rhn.redhat.com/errata/RHSA-2013-0757.html(af854a3a-2127-422b-91ae-364da2661108)

http://security.gentoo.org/glsa/glsa-201406-32.xml(af854a3a-2127-422b-91ae-364da2661108)

http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0(af854a3a-2127-422b-91ae-364da2661108)

http://www.exploit-db.com/exploits/24976(af854a3a-2127-422b-91ae-364da2661108)

http://www.mandriva.com/security/advisories?name=MDVSA-2013:161(af854a3a-2127-422b-91ae-364da2661108)

http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.ubuntu.com/usn/USN-1806-1(af854a3a-2127-422b-91ae-364da2661108)

http://www.us-cert.gov/ncas/alerts/TA13-107A(af854a3a-2127-422b-91ae-364da2661108)

https://bugzilla.redhat.com/show_bug.cgi?id=952398(af854a3a-2127-422b-91ae-364da2661108)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700(af854a3a-2127-422b-91ae-364da2661108)

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2423(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.