PT-2013-3792 · Oracle+4 · Java Runtime Environment+6

Stefan Cornelius

·

Published

2013-06-18

·

Updated

2024-06-15

·

CVE-2013-2458

CVSS v2.0

5.8

Medium

VectorAV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions Java Runtime Environment (JRE) versions 7 Update 21 and earlier OpenJDK 7
Description The issue affects confidentiality and integrity via unknown vectors related to Libraries. It is reported that this issue may allow remote attackers to bypass the Java sandbox, potentially related to an error involving method handles.
Recommendations For Java Runtime Environment (JRE) versions 7 Update 21 and earlier, update to a version later than 7 Update 21. For OpenJDK 7, consider disabling the use of method handles until a patch is available. As a temporary workaround, restrict access to libraries to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CESA-2013_0957
CVE-2013-2458
DSA-2722-1
HPSBUX02907
MGASA-2013-0185
OPENSUSE-SU-2024:10534-1
RHSA-2013:0957
RHSA-2013:0958
RHSA-2013:0963
RHSA-2013:1060
RHSA-2013_0957
RHSA-2013_0958
RHSA-2013_0963
RHSA-2013_1060

Affected Products

Centos
Hp-Ux
Java Platform
Java Runtime Environment
Openjdk
Red Hat
Suse