PT-2013-3170 · Oracle+3 · Oracle Java Se+5

James Forshaw

Publicado

2013-03-08

Atualizado

2025-09-29

CVE-2013-1488

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 7 Update 17 and earlier OpenJDK versions 6 and 7

Description The issue allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, and the JDBC driver manager. This was demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.

Recommendations For Oracle Java SE versions 7 Update 17 and earlier, update to a version later than 7 Update 17 to resolve the issue. For OpenJDK versions 6 and 7, consider disabling the JDBC driver manager as a temporary workaround until a patch is available.

Exploit

Correção

RCE

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

ALSA-2025_16880

CESA-2013_0751

CESA-2013_0770

CVE-2013-1488

ELSA-2013-0751

ELSA-2013-0770

OPENSUSE-SU-2024:10534-1

RHSA-2013:0751

RHSA-2013:0752

RHSA-2013:0757

RHSA-2013:0770

RHSA-2013:0822

RHSA-2013_0751

RHSA-2013_0752

RHSA-2013_0757

RHSA-2013_0770

RHSA-2013_0822

ZDI-13-076

Produtos afetados

Centos

Java Platform

Openjdk

Oracle Java Se

Red Hat

Suse

PT-2013-3170 · Oracle+3 · Oracle Java Se+5

CVE-2013-1488

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 336