Home > Vulnerability Database > CVE-2013-2423

Mend.io Vulnerability Database

CVE-2013-2423

Date: April 17, 2013

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.

Severity Score

3.7

Related Resources (19)

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700

Url: http://www.exploit-db.com/exploits/24976

Url: http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f

Url: http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

Url: http://security.gentoo.org/glsa/glsa-201406-32.xml

Url: http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html

Url: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2013:161

Url: https://bugzilla.redhat.com/show_bug.cgi?id=952398

Url: http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/

Url: http://www.ubuntu.com/usn/USN-1806-1

Url: https://access.redhat.com/security/cve/CVE-2013-2423

Url: http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html

Url: http://rhn.redhat.com/errata/RHSA-2013-0752.html

Url: http://www.us-cert.gov/ncas/alerts/TA13-107A

Url: http://rhn.redhat.com/errata/RHSA-2013-0757.html

Url: http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0

Url: https://nvd.nist.gov/vuln/detail/CVE-2013-2423

Url: https://www.mend.io/vulnerability-database/CVE-2013-2423

Severity Score

3.7

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2013-2423

Date: April 17, 2013

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?