PT-2017-5487 · Oracle+2 · Openjdk+3

Arun Babu Neelicattu

Published

2014-01-15

Updated

2018-01-17

CVE-2013-4578

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: OpenJDK and Oracle Java SE versions prior to 7u51

Description: The issue allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.

Recommendations: For versions prior to 7u51, update to version 7u51 or later to resolve the issue.

Exploit

Fix

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74

Related Identifiers

CESA-2014_0097

CVE-2013-4578

RHSA-2014:0026

RHSA-2014:0027

RHSA-2014:0030

RHSA-2014:0097

RHSA-2014:0134

RHSA-2014:0135

RHSA-2014:0136

RHSA-2014:0414

RHSA-2014_0026

RHSA-2014_0027

RHSA-2014_0030

RHSA-2014_0097

RHSA-2014_0134

RHSA-2014_0135

RHSA-2014_0136

RHSA-2014_0414

Affected Products

Centos

Java Se

Openjdk

Red Hat

PT-2017-5487 · Oracle+2 · Openjdk+3

CVE-2013-4578

Weakness Enumeration

Related Identifiers

Affected Products

References · 268