CVE-2013-2423

Published: Apr 17, 2013Modified: Apr 22, 2026CISA KEV

3.7

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.2 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.

Affected (15)

Products: Oracle: Jre · Canonical: Ubuntu Linux · Opensuse: Opensuse

1 product

1 product

1 product

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Oracle Jre	Version 1.7.0
Oracle Jre	Version 1.7.0 update10
Oracle Jre	Version 1.7.0 update11
Oracle Jre	Version 1.7.0 update13
Oracle Jre	Version 1.7.0 update15
Oracle Jre	Version 1.7.0 update1
Oracle Jre	Version 1.7.0 update2
Oracle Jre	Version 1.7.0 update3
Oracle Jre	Version 1.7.0 update4
Oracle Jre	Version 1.7.0 update5
Oracle Jre	Version 1.7.0 update6
Oracle Jre	Version 1.7.0 update7
Oracle Jre	Version 1.7.0 update9

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.10
Opensuse Opensuse	Version 12.3

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (33)

http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/

Source: secalert_us@oracle.com

Broken Link

http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html

Source: secalert_us@oracle.com

Not Applicable

http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f

Source: secalert_us@oracle.com

Patch

http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html

Source: secalert_us@oracle.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0752.html

Source: secalert_us@oracle.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0757.html

Source: secalert_us@oracle.com

Third Party Advisory

http://security.gentoo.org/glsa/glsa-201406-32.xml

Source: secalert_us@oracle.com

Third Party Advisory

http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0

Source: secalert_us@oracle.com

Broken Link

http://www.exploit-db.com/exploits/24976

Source: secalert_us@oracle.com

Third Party AdvisoryVDB Entry

http://www.mandriva.com/security/advisories?name=MDVSA-2013:161

Source: secalert_us@oracle.com

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

Source: secalert_us@oracle.com

Vendor Advisory

http://www.ubuntu.com/usn/USN-1806-1

Source: secalert_us@oracle.com

Third Party Advisory

http://www.us-cert.gov/ncas/alerts/TA13-107A

Source: secalert_us@oracle.com

Third Party AdvisoryUS Government Resource

https://bugzilla.redhat.com/show_bug.cgi?id=952398

Source: secalert_us@oracle.com

Issue Tracking

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700

Source: secalert_us@oracle.com

Broken Link

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130

Source: secalert_us@oracle.com

Third Party Advisory

http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0752.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0757.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://security.gentoo.org/glsa/glsa-201406-32.xml

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.exploit-db.com/exploits/24976

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.mandriva.com/security/advisories?name=MDVSA-2013:161

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.ubuntu.com/usn/USN-1806-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.us-cert.gov/ncas/alerts/TA13-107A

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://bugzilla.redhat.com/show_bug.cgi?id=952398

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2423

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.