PT-2013-3757 · Oracle+5 · Oracle Java Se+6

Stefan Cornelius

Published

2013-04-17

Updated

2024-06-15

CVE-2013-2422

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 7 Update 17 and earlier Oracle Java SE versions 6 Update 43 and earlier OpenJDK versions 6 and 7

Description The issue affects confidentiality, integrity, and availability via unknown vectors related to Libraries. It is reportedly related to improper method-invocation restrictions, potentially allowing remote attackers to bypass the Java sandbox.

Recommendations For Oracle Java SE versions 7 Update 17 and earlier, update to a version later than Update 17. For Oracle Java SE versions 6 Update 43 and earlier, update to a version later than Update 43. For OpenJDK versions 6 and 7, consider disabling the MethodUtil trampoline class as a temporary workaround until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CESA-2013_0751

CESA-2013_0770

CVE-2013-2422

HPSBUX02889

OPENSUSE-SU-2024:10534-1

RHSA-2013:0751

RHSA-2013:0752

RHSA-2013:0757

RHSA-2013:0758

RHSA-2013:0770

RHSA-2013:0822

RHSA-2013:0823

RHSA-2013:1455

RHSA-2013:1456

RHSA-2013_0751

RHSA-2013_0752

RHSA-2013_0757

RHSA-2013_0758

RHSA-2013_0770

RHSA-2013_0822

RHSA-2013_0823

Affected Products

Centos

Hp-Ux

Java Platform

Openjdk

Oracle Java Se

Red Hat

Suse

PT-2013-3757 · Oracle+5 · Oracle Java Se+6

CVE-2013-2422

Related Identifiers

Affected Products

References · 441