CVE-2013-0422

{"id": "CVE-2013-0422", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-01-10T21:55:00.777", "references": [{"url": "http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html", "tags": ["Not Applicable"], "source": "secalert_us@oracle.com"}, {"url": "http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/", "tags": ["Broken Link"], "source": "secalert_us@oracle.com"}, {"url": "http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/", "tags": ["Broken Link", "Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0156.html", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0165.html", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://seclists.org/bugtraq/2013/Jan/48", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.kb.cert.org/vuls/id/625617", "tags": ["Third Party Advisory", "US Government Resource"], "source": "secalert_us@oracle.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "tags": ["Not Applicable"], "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.ubuntu.com/usn/USN-1693-1", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA13-010A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "secalert_us@oracle.com"}, {"url": "https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf", "tags": ["Broken Link"], "source": "secalert_us@oracle.com"}, {"url": "https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013", "tags": ["Not Applicable"], "source": "secalert_us@oracle.com"}, {"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us", "tags": ["Not Applicable"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades en Java de Oracle versi\u00f3n 7 anterior a Update 11, permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario mediante (1) utilizando el m\u00e9todo p\u00fablico getMBeanInstantiator en la clase JmxMBeanServer para obtener una referencia a un objeto MBeanInstantiator privado, a continuaci\u00f3n, recuperar referencias arbitrarias Class mediante el m\u00e9todo findClass y (2) mediante la API Reflection con recursi\u00f3n de una manera que omita una comprobaci\u00f3n de seguridad mediante el m\u00e9todo java.lang.invoke.MethodHandles.Lookup.checkSecurityManager debido a la incapacidad del m\u00e9todo sun.reflect.Reflection.getCallerClass para omitir marcos relacionados con la nueva API reflection, como se explot\u00f3 \u201cin the wild\u201d en Enero de 2013, como es demostrado por Blackhole y Nuclear Pack, y una vulnerabilidad diferente de CVE-2012-4681 y CVE-2012-3174. NOTA: algunas partes han mapeado el problema recursivo de la API Reflection al CVE-2012-3174, pero el CVE-2012-3174 es para una vulnerabilidad diferente cuyos detalles no son p\u00fablicos a partir de 20130114. El CVE-2013-0422 cubre los problemas de JMX/MBean y API Reflection. NOTA: originalmente se inform\u00f3 que Java versi\u00f3n 6 tambi\u00e9n era vulnerable, pero el reportero se ha retractado de esta afirmaci\u00f3n, declarando que Java versi\u00f3n 6 no es explotable porque el c\u00f3digo relevante se llama de una manera que no omita las comprobaciones de seguridad. NOTA: a partir de 20130114, un tercero confiable ha afirmado que el vector findClass/MBeanInstantiator no se corrigi\u00f3 en Java de Oracle versi\u00f3n 7 Update 11. Si todav\u00eda hay una condici\u00f3n vulnerable, se podr\u00eda crear un identificador CVE independiente para el problema no corregido."}], "lastModified": "2024-04-26T16:07:03.190", "cisaActionDue": "2022-06-15", "cisaExploitAdd": "2022-05-25", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACABC935-5DD6-4F85-992E-70AD517EF41D"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6152036D-6421-4AE4-9223-766FE07B5A44"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE8B0935-6637-413D-B896-28E0ED7F2CEC"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D375CECB-405C-4E18-A7E8-9C5A2F97BD69"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52EEEA5A-E77C-43CF-A063-9D5C64EA1870"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "003746F6-DEF0-4D0F-AD97-9E335868E301"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF830E0E-0169-4B6A-81FF-2E9FCD7D913B"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BAE3670-0938-480A-8472-DFF0B3A0D0BF"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EC967FF-26A6-4498-BC09-EC23B2B75CBA"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02781457-4E40-46A9-A5F7-945232A8C2B1"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFAA351A-93CD-46A8-A480-CE2783CCD620"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4B153FD-E20B-4909-8B10-884E48F5B590"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F21933FB-A27C-4AF3-9811-2DE28484A5A6"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5831D70B-3854-4CB8-B88D-40F1743DAEE0"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA302DF3-ABBB-4262-B206-4C0F7B5B1E91"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CD8A54E-185B-4D34-82EF-C0C05739EC12"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FFC7F0D-1F32-4235-8359-277CE41382DF"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Oracle JRE Remote Code Execution Vulnerability"}