ID |
CVE-2013-0431 |
Summary |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.
Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html: "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)" |
References |
|
Vulnerable Configurations |
- cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
|
CVSS |
Base: | 5.0 (as of 19-09-2017 - 01:35) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-noinfo |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK | LOW | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE | PARTIAL | NONE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
oval
via4
|
id | oval:org.mitre.oval:def:16579 |
title | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. |
description | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. |
class | vulnerability |
family | windows |
status | accepted |
submitted | 2013-04-22T10:26:26.748+04:00 |
accepted | 2013-06-10T04:01:17.229-04:00 |
version | 5 |
contributors |
- name | Sergey Artykhov | organization | ALTX-SOFT
definition_extensions |
- comment | Java SE Runtime Environment 7 is installed | oval | oval:org.mitre.oval:def:16050

id | oval:org.mitre.oval:def:19418 |
title | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities |
description | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. |
class | vulnerability |
family | unix |
status | accepted |
submitted | 2013-11-22T11:43:28.000-05:00 |
accepted | 2015-04-20T04:01:15.747-04:00 |
version | 47 |
contributors |
- name | Ganesh Manal | organization | Hewlett-Packard
- name | Sushant Kumar Singh | organization | Hewlett-Packard
- name | Prashant Kumar | organization | Hewlett-Packard
- name | Mike Cokus | organization | The MITRE Corporation
|
redhat
via4
|
advisories | |
rpms |
- java-1.7.0-oracle-1:1.7.0.13-1jpp.1.el5_9
- java-1.7.0-oracle-1:1.7.0.13-1jpp.3.el6_3
- java-1.7.0-oracle-devel-1:1.7.0.13-1jpp.1.el5_9
- java-1.7.0-oracle-devel-1:1.7.0.13-1jpp.3.el6_3
- java-1.7.0-oracle-javafx-1:1.7.0.13-1jpp.1.el5_9
- java-1.7.0-oracle-javafx-1:1.7.0.13-1jpp.3.el6_3
- java-1.7.0-oracle-jdbc-1:1.7.0.13-1jpp.1.el5_9
- java-1.7.0-oracle-jdbc-1:1.7.0.13-1jpp.3.el6_3
- java-1.7.0-oracle-plugin-1:1.7.0.13-1jpp.1.el5_9
- java-1.7.0-oracle-plugin-1:1.7.0.13-1jpp.3.el6_3
- java-1.7.0-oracle-src-1:1.7.0.13-1jpp.1.el5_9
- java-1.7.0-oracle-src-1:1.7.0.13-1jpp.3.el6_3
- java-1.7.0-openjdk-1:1.7.0.9-2.3.5.3.el5_9
- java-1.7.0-openjdk-1:1.7.0.9-2.3.5.3.el6_3
- java-1.7.0-openjdk-debuginfo-1:1.7.0.9-2.3.5.3.el5_9
- java-1.7.0-openjdk-debuginfo-1:1.7.0.9-2.3.5.3.el6_3
- java-1.7.0-openjdk-demo-1:1.7.0.9-2.3.5.3.el5_9
- java-1.7.0-openjdk-demo-1:1.7.0.9-2.3.5.3.el6_3
- java-1.7.0-openjdk-devel-1:1.7.0.9-2.3.5.3.el5_9
- java-1.7.0-openjdk-devel-1:1.7.0.9-2.3.5.3.el6_3
- java-1.7.0-openjdk-javadoc-1:1.7.0.9-2.3.5.3.el5_9
- java-1.7.0-openjdk-javadoc-1:1.7.0.9-2.3.5.3.el6_3
- java-1.7.0-openjdk-src-1:1.7.0.9-2.3.5.3.el5_9
- java-1.7.0-openjdk-src-1:1.7.0.9-2.3.5.3.el6_3
- java-1.7.0-ibm-1:1.7.0.4.0-1jpp.2.el5_9
- java-1.7.0-ibm-1:1.7.0.4.0-1jpp.2.el6_4
- java-1.7.0-ibm-demo-1:1.7.0.4.0-1jpp.2.el5_9
- java-1.7.0-ibm-demo-1:1.7.0.4.0-1jpp.2.el6_4
- java-1.7.0-ibm-devel-1:1.7.0.4.0-1jpp.2.el5_9
- java-1.7.0-ibm-devel-1:1.7.0.4.0-1jpp.2.el6_4
- java-1.7.0-ibm-jdbc-1:1.7.0.4.0-1jpp.2.el5_9
- java-1.7.0-ibm-jdbc-1:1.7.0.4.0-1jpp.2.el6_4
- java-1.7.0-ibm-plugin-1:1.7.0.4.0-1jpp.2.el5_9
- java-1.7.0-ibm-plugin-1:1.7.0.4.0-1jpp.2.el6_4
- java-1.7.0-ibm-src-1:1.7.0.4.0-1jpp.2.el5_9
- java-1.7.0-ibm-src-1:1.7.0.4.0-1jpp.2.el6_4
|
|
refmap
via4
|
bugtraq | 20130122 Re: [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable |
cert | TA13-032A |
cert-vn | VU#858729 |
confirm | |
fulldisc |
- 20130118 [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable
- 20130122 Re: [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable
gentoo | GLSA-201406-32 |
hp |
- HPSBMU02874
- HPSBUX02857
- SSRT101103
- SSRT101184
mandriva | MDVSA-2013:095 |
misc | |
suse | openSUSE-SU-2013:0377 |
|
saint
via4
|
bid | 57726 |
description | Java MBeanInstantiator findClass and Introspector Sandbox Escape |
id | web_client_jre |
osvdb | 89613 |
title | java_findclass_introspector_sandbox_escape |
type | client |
|
Last major update |
19-09-2017 - 01:35 |
Published |
31-01-2013 - 14:55 |
Last modified |
19-09-2017 - 01:35 |