CVE-2013-0431

Severity

50%

Complexity

99%

Confidentiality

48%

Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)"

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.

Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)"

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).

Overview

Type

Oracle

First reported 12 years ago

2013-01-31 14:55:00

Last updated 7 years ago

2017-09-19 01:35:00

Affected Software

Oracle JRE 1.7.0

1.7.0

Oracle JRE 1.7.0 update1

1.7.0

Oracle JRE 1.7.0 Update 10

1.7.0

Oracle JRE 1.7.0 Update 11

1.7.0

Oracle JRE 1.7.0 update2

1.7.0

Oracle JRE 1.7.0 update3

1.7.0

Oracle JRE 1.7.0 Update 4

1.7.0

Oracle JRE 1.7.0 Update 5

1.7.0

Oracle JRE 1.7.0 Update 6

1.7.0

Oracle JRE 1.7.0 Update 7

1.7.0

Oracle JRE 1.7.0 Update 9

1.7.0

Oracle JDK 1.7.0

1.7.0

Oracle JDK 1.7.0 update1

1.7.0

Oracle JDK 1.7.0 Update 10

1.7.0

Oracle JDK 1.7.0 Update 11

1.7.0

Oracle JDK 1.7.0 update2

1.7.0

Oracle JDK 1.7.0 update3

1.7.0

Oracle JDK 1.7.0 Update 4

1.7.0

Oracle JDK 1.7.0 Update 5

1.7.0

Oracle JDK 1.7.0 Update 6

1.7.0

Oracle JDK 1.7.0 Update 7

1.7.0

Oracle JDK 1.7.0 Update 9

1.7.0

References

http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/

http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53

openSUSE-SU-2013:0377

HPSBUX02857

HPSBMU02874

RHSA-2013:0237

RHSA-2013:0247

20130118 [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable

20130122 Re: [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable

GLSA-201406-32

http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717

VU#858729

US Government Resource

MDVSA-2013:095

http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

Vendor Advisory

20130122 Re: [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable

TA13-032A

US Government Resource

oval:org.mitre.oval:def:16579

oval:org.mitre.oval:def:19418

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.