Russian Vulnerability Scanner Database

Back to List

CVE-2013-2423

Scores

EPSS

0.934high93.4%
0%20%40%60%80%100%

Percentile: 93.4%

CVSS

3.7low3.x
0246810

CVSS Score: 3.7/10

All CVSS Scores

CVSS 3.x
3.7

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS 2.0
4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

debiannvdredhatubuntu

CWEs

CWE-284

Related Vulnerabilities

BDU:2022-03796

Exploits

Exploit ID: CVE-2013-2423

Source: cisa

URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Exploit ID: 24976

Source: exploitdb

URL: https://www.exploit-db.com/exploits/24976

Recommendations

Source: nvd

Before applying this update, make sure all previously-released erratarelevant to your system have been applied.
This update is available via the Red Hat Network. Details on how touse the Red Hat Network to apply this update are available athttps://access.redhat.com/knowledge/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2013-0752.html

Vulnerable Software (12)

Type: Configuration

Product: java-1.7.0-ibm

Operating System: rhel

Trait: 
{  "fixed": "1.7.0.4.2-1jpp.1.el5_9"}

Source: redhat

Type: Configuration

Product: java-1.7.0-ibm

Operating System: rhel

Trait: 
{  "fixed": "1.7.0.4.2-1jpp.1.el6_4"}

Source: redhat

Type: Configuration

Product: java-1.7.0-openjdk

Operating System: rhel 5

Trait: 
{  "fixed": "1.7.0.19-2.3.9.1.el5_9"}

Source: redhat

Type: Configuration

Product: java-1.7.0-openjdk

Operating System: rhel 6

Trait: 
{  "fixed": "1.7.0.19-2.3.9.1.el6_4"}

Source: redhat

Type: Configuration

Product: java-1.7.0-oracle

Operating System: rhel

Trait: 
{  "fixed": "1.7.0.21-1jpp.1.el5"}

Source: redhat

Type: Configuration

Product: java-1.7.0-oracle

Operating System: rhel

Trait: 
{  "fixed": "1.7.0.21-1jpp.1.el6"}

Source: redhat

Type: Configuration

Product: openjdk-6

Operating System: debian

Trait: 
{  "unaffected": true}

Source: debian

Type: Configuration

Product: openjdk-6

Operating System: ubuntu hardy 8.04

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: openjdk-7

Operating System: debian

Trait: 
{  "fixed": "7u21-2.3.9-1"}

Source: debian

Type: Configuration

Vendor: *

Product: jre

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*",      "...

Source: nvd

Type: Configuration

Vendor: *

Product: opensuse

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*...

Source: nvd

Type: Configuration

Vendor: *

Product: ubuntu_linux

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*...

Source: nvd

End of list