PT-2013-1345 · Oracle+2 · Java SE+4
Published 2013-04-17 · Updated 2025-03-13
CVE-2013-2423
CVSS v2.0: 4.3 Medium
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Java SE versions prior to 7 Update 17
OpenJDK 7
Description
The issue affects the integrity of the system, potentially allowing remote attackers to bypass permission checks and modify arbitrary public final fields using reflection and type confusion. This could be achieved by exploiting an unspecified vulnerability in the Java Runtime Environment component related to HotSpot. The vulnerability may also be caused by a buffer overflow in memory, which could allow a remote attacker to influence integrity or disable the security manager.
Recommendations
For Java SE versions prior to 7 Update 17, update to a version later than 7 Update 17 to resolve the issue.
For OpenJDK 7, consider disabling the use of the MethodHandles method and restricting reflection to minimize the risk of exploitation until a patch is available.
As a temporary workaround, consider restricting access to the HotSpot component to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Improper Access Control
Related Identifiers
Affected Products
CentOS
Java Platform
Java SE
OpenJDK
Red Hat