PT-2013-1346 · Oracle+4 · Java Runtime Environment+6

Adam Gowdiak · Published 2013-01-31 · Updated 2025-03-13 · CVE-2013-0431

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Java Runtime Environment versions prior to Update 11
OpenJDK 7

Description

The issue allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX. It is also related to the failure to neutralize script-related HTML tags on web pages, which can allow a remote attacker to impact the integrity of protected information.

Recommendations

For Java Runtime Environment versions prior to Update 11, update to a version that includes the fix for this issue. For OpenJDK 7, consider disabling JMX functionality until a patch is available. As a temporary workaround, consider restricting the execution of script-related HTML tags in web pages to minimize the risk of exploitation.

Exploit · Fix · Protection Mechanism Failure · XSS

Weakness Enumeration

Related Identifiers

BDU:2022-03803
CESA-2013_0247
CVE-2013-0431
ELSA-2013-0247
HPSBUX02857
OPENSUSE-SU-2013_0377-1
OPENSUSE-SU-2024:10534-1
RHSA-2013:0237
RHSA-2013:0247
RHSA-2013:0626
RHSA-2013_0237
RHSA-2013_0247
RHSA-2013_0626
SUSE-SU-2013_0440-1

Affected Products

CentOS
HP-UX
Java Platform
Java Runtime Environment
OpenJDK
Red Hat
SUSE