PT-2013-2339 · Oracle+4 · Oracle Java Se+6

Tomas Hoger

Published

2013-02-01

Updated

2024-06-15

CVE-2013-0444

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 7 through Update 11 OpenJDK 7

Description The issue allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. It is reportedly related to insufficient checks for cached results by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code.

Recommendations For Oracle Java SE versions 7 through Update 11, update to a version later than Update 11. For OpenJDK 7, consider disabling the Java Beans MethodFinder as a temporary workaround until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CESA-2013_0247

CVE-2013-0444

HPSBUX02857

OPENSUSE-SU-2013_0377-1

OPENSUSE-SU-2024:10534-1

RHSA-2013:0237

RHSA-2013:0247

RHSA-2013:0626

RHSA-2013_0237

RHSA-2013_0247

RHSA-2013_0626

Affected Products

Centos

Hp-Ux

Java Platform

Openjdk

Oracle Java Se

Red Hat

Suse

PT-2013-2339 · Oracle+4 · Oracle Java Se+6

CVE-2013-0444

Related Identifiers

Affected Products

References · 457