PT-2017-5487 · Oracle+2 · Openjdk+3

Arun Babu Neelicattu

Publicado

2014-01-15

Atualizado

2018-01-17

CVE-2013-4578

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: OpenJDK and Oracle Java SE versions prior to 7u51

Description: The issue allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.

Recommendations: For versions prior to 7u51, update to version 7u51 or later to resolve the issue.

Exploit

Correção

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74

Identificadores relacionados

CESA-2014_0097

CVE-2013-4578

RHSA-2014:0026

RHSA-2014:0027

RHSA-2014:0030

RHSA-2014:0097

RHSA-2014:0134

RHSA-2014:0135

RHSA-2014:0136

RHSA-2014:0414

RHSA-2014_0026

RHSA-2014_0027

RHSA-2014_0030

RHSA-2014_0097

RHSA-2014_0134

RHSA-2014_0135

RHSA-2014_0136

RHSA-2014_0414

Produtos afetados

Centos

Java Se

Openjdk

Red Hat

PT-2017-5487 · Oracle+2 · Openjdk+3

CVE-2013-4578

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 268