CVE-2013-0431 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 throug

CVE-2013-0431

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.

References

Vulnerable Configurations

cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 26-04-2024 - 16:07)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

oval via4

accepted

2013-06-10T04:01:17.229-04:00

class

vulnerability

contributors

name	Sergey Artykhov
organization	ALTX-SOFT

definition_extensions

comment	Java SE Runtime Environment 7 is installed
oval	oval:org.mitre.oval:def:16050

description

family

windows

oval:org.mitre.oval:def:16579

status

accepted

submitted

2013-04-22T10:26:26.748+04:00

title

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.

version

accepted

2015-04-20T04:01:15.747-04:00

class

vulnerability

contributors

name Ganesh Manal
organization Hewlett-Packard
name Sushant Kumar Singh
organization Hewlett-Packard
name Prashant Kumar
organization Hewlett-Packard
name Mike Cokus
organization The MITRE Corporation

description

family

unix

oval:org.mitre.oval:def:19418

status

accepted

submitted

2013-11-22T11:43:28.000-05:00

title

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities

version

redhat via4

advisories

rhsa
id RHSA-2013:0237
rhsa
id RHSA-2013:0247

rpms

java-1.7.0-oracle-1:1.7.0.13-1jpp.1.el5_9
java-1.7.0-oracle-1:1.7.0.13-1jpp.3.el6_3
java-1.7.0-oracle-devel-1:1.7.0.13-1jpp.1.el5_9
java-1.7.0-oracle-devel-1:1.7.0.13-1jpp.3.el6_3
java-1.7.0-oracle-javafx-1:1.7.0.13-1jpp.1.el5_9
java-1.7.0-oracle-javafx-1:1.7.0.13-1jpp.3.el6_3
java-1.7.0-oracle-jdbc-1:1.7.0.13-1jpp.1.el5_9
java-1.7.0-oracle-jdbc-1:1.7.0.13-1jpp.3.el6_3
java-1.7.0-oracle-plugin-1:1.7.0.13-1jpp.1.el5_9
java-1.7.0-oracle-plugin-1:1.7.0.13-1jpp.3.el6_3
java-1.7.0-oracle-src-1:1.7.0.13-1jpp.1.el5_9
java-1.7.0-oracle-src-1:1.7.0.13-1jpp.3.el6_3
java-1.7.0-openjdk-1:1.7.0.9-2.3.5.3.el5_9
java-1.7.0-openjdk-1:1.7.0.9-2.3.5.3.el6_3
java-1.7.0-openjdk-debuginfo-1:1.7.0.9-2.3.5.3.el5_9
java-1.7.0-openjdk-debuginfo-1:1.7.0.9-2.3.5.3.el6_3
java-1.7.0-openjdk-demo-1:1.7.0.9-2.3.5.3.el5_9
java-1.7.0-openjdk-demo-1:1.7.0.9-2.3.5.3.el6_3
java-1.7.0-openjdk-devel-1:1.7.0.9-2.3.5.3.el5_9
java-1.7.0-openjdk-devel-1:1.7.0.9-2.3.5.3.el6_3
java-1.7.0-openjdk-javadoc-1:1.7.0.9-2.3.5.3.el5_9
java-1.7.0-openjdk-javadoc-1:1.7.0.9-2.3.5.3.el6_3
java-1.7.0-openjdk-src-1:1.7.0.9-2.3.5.3.el5_9
java-1.7.0-openjdk-src-1:1.7.0.9-2.3.5.3.el6_3
java-1.7.0-ibm-1:1.7.0.4.0-1jpp.2.el5_9
java-1.7.0-ibm-1:1.7.0.4.0-1jpp.2.el6_4
java-1.7.0-ibm-demo-1:1.7.0.4.0-1jpp.2.el5_9
java-1.7.0-ibm-demo-1:1.7.0.4.0-1jpp.2.el6_4
java-1.7.0-ibm-devel-1:1.7.0.4.0-1jpp.2.el5_9
java-1.7.0-ibm-devel-1:1.7.0.4.0-1jpp.2.el6_4
java-1.7.0-ibm-jdbc-1:1.7.0.4.0-1jpp.2.el5_9
java-1.7.0-ibm-jdbc-1:1.7.0.4.0-1jpp.2.el6_4
java-1.7.0-ibm-plugin-1:1.7.0.4.0-1jpp.2.el5_9
java-1.7.0-ibm-plugin-1:1.7.0.4.0-1jpp.2.el6_4
java-1.7.0-ibm-src-1:1.7.0.4.0-1jpp.2.el5_9
java-1.7.0-ibm-src-1:1.7.0.4.0-1jpp.2.el6_4

refmap via4

bugtraq	20130122 Re: [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable
cert	TA13-032A
cert-vn	VU#858729
confirm	http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056
fulldisc	20130118 [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable 20130122 Re: [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable
gentoo	GLSA-201406-32
hp	HPSBMU02874 HPSBUX02857 SSRT101103 SSRT101184
mandriva	MDVSA-2013:095
misc	http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/ http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53 http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717
suse	openSUSE-SU-2013:0377

saint via4

bid	57726
description	Java MBeanInstantiator findClass and Introspector Sandbox Escape
id	web_client_jre
osvdb	89613
title	java_findclass_introspector_sandbox_escape
type	client

Last major update

26-04-2024 - 16:07

Published

31-01-2013 - 14:55

Last modified

26-04-2024 - 16:07