CVE-2013-2423

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-2423
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/ Broken Link
http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html Not Applicable
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f Patch
http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0752.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0757.html Third Party Advisory
http://security.gentoo.org/glsa/glsa-201406-32.xml Third Party Advisory
http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0 Broken Link
http://www.exploit-db.com/exploits/24976 Third Party Advisory VDB Entry
http://www.mandriva.com/security/advisories?name=MDVSA-2013:161 Third Party Advisory
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html Vendor Advisory
http://www.ubuntu.com/usn/USN-1806-1 Third Party Advisory
http://www.us-cert.gov/ncas/alerts/TA13-107A Third Party Advisory US Government Resource
https://bugzilla.redhat.com/show_bug.cgi?id=952398 Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700 Broken Link
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
History

26 Apr 2024, 16:07

Type Values Removed Values Added
References () http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/ - () http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/ - Broken Link
References () http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html - () http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html - Not Applicable
References () http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f - () http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f - Patch
References () http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html - () http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2013-0752.html - () http://rhn.redhat.com/errata/RHSA-2013-0752.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2013-0757.html - () http://rhn.redhat.com/errata/RHSA-2013-0757.html - Third Party Advisory
References () http://security.gentoo.org/glsa/glsa-201406-32.xml - () http://security.gentoo.org/glsa/glsa-201406-32.xml - Third Party Advisory
References () http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0 - () http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0 - Broken Link
References () http://www.exploit-db.com/exploits/24976 - () http://www.exploit-db.com/exploits/24976 - Third Party Advisory, VDB Entry
References () http://www.mandriva.com/security/advisories?name=MDVSA-2013:161 - () http://www.mandriva.com/security/advisories?name=MDVSA-2013:161 - Third Party Advisory
References () http://www.ubuntu.com/usn/USN-1806-1 - () http://www.ubuntu.com/usn/USN-1806-1 - Third Party Advisory
References () http://www.us-cert.gov/ncas/alerts/TA13-107A - US Government Resource () http://www.us-cert.gov/ncas/alerts/TA13-107A - Third Party Advisory, US Government Resource
References () https://bugzilla.redhat.com/show_bug.cgi?id=952398 - () https://bugzilla.redhat.com/show_bug.cgi?id=952398 - Issue Tracking
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700 - Broken Link
References () https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130 - () https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130 - Third Party Advisory
CPE cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:*:update17:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:*:update17:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*		 cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
First Time Canonical ubuntu Linux
Opensuse opensuse
Opensuse
Canonical
Information

Published : 2013-04-17 18:55

Updated : 2024-04-26 16:07

NVD link : CVE-2013-2423

Mitre link : CVE-2013-2423

CVE.ORG link : CVE-2013-2423

JSON object : View

Products Affected

canonical

  • ubuntu_linux

oracle

  • jre

opensuse

  • opensuse
CWE
NVD-CWE-noinfo