CVE-2013-2423

KEV

Published: Apr 17, 2013 Last Modified: Ott 22, 2025

ExploitDB:

Other exploit source:

Google Dorks:

LOW 3,7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: low

Availability: none

MEDIUM 4,3

Source: [email protected]

Access Vector: network

Access Complexity: medium

Authentication: none

Confidentiality: none

Integrity: partial

Availability: none

Description

AI Translation Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,9323

Percentile

1,0th

Updated

EPSS Score Trend (Last 90 Days)

284

Improper Access Control

Incomplete

Abstraction: Pillar Structure: Simple

Common Consequences

Security Scopes Affected:

Other

Potential Impacts:

Varies By Context

Applicable Platforms

Technologies: ICS/OT, Not Technology-Specific, Web Based

View CWE Details

Exploit

Java Applet - Reflection Type Confusion Remote Code …

Verified Metasploit Framework (MSF)

Java Applet - Reflection Type Confusion Remote Code Execution (Metasploit)

Author: Metasploit Published: Status: Verified

View Exploit Code →

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Opensuse by Opensuse

Product Information

Vendor Opensuse

Product Opensuse

Version 12.3

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Ubuntu Linux by Canonical

Product Information

Vendor Canonical

Product Ubuntu Linux

Version 12.10

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://www.cisa.gov/known-exploited-vulnerabilities-catalo…

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013…

http://blog.fuseyism.com/index.php/2013/04/22/security-iced…

http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjd…

http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html

http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html

http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be…

http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f

http://lists.opensuse.org/opensuse-updates/2013-06/msg00099…

http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html

http://rhn.redhat.com/errata/RHSA-2013-0752.html

http://rhn.redhat.com/errata/RHSA-2013-0752.html

http://rhn.redhat.com/errata/RHSA-2013-0757.html

http://rhn.redhat.com/errata/RHSA-2013-0757.html

https://bugzilla.redhat.com/show_bug.cgi?id=952398

https://bugzilla.redhat.com/show_bug.cgi?id=952398

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://security.gentoo.org/glsa/glsa-201406-32.xml

https://oval.cisecurity.org/repository/search/definition/ov…

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%…

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-01…

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130

http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-49…

http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0

http://www.exploit-db.com/exploits/24976

http://www.exploit-db.com/exploits/24976

http://www.mandriva.com/security/advisories?name=MDVSA-2013…

http://www.mandriva.com/security/advisories?name=MDVSA-2013:161

http://www.oracle.com/technetwork/topics/security/javacpuap…

http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

http://www.ubuntu.com/usn/USN-1806-1

http://www.ubuntu.com/usn/USN-1806-1

http://www.us-cert.gov/ncas/alerts/TA13-107A

http://www.us-cert.gov/ncas/alerts/TA13-107A

http://blog.fuseyism.com/index.php/2013/04/22/security-iced…

http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjd…

http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html

http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html

http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be…

http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f

http://lists.opensuse.org/opensuse-updates/2013-06/msg00099…

http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html

http://rhn.redhat.com/errata/RHSA-2013-0752.html

http://rhn.redhat.com/errata/RHSA-2013-0752.html

http://rhn.redhat.com/errata/RHSA-2013-0757.html

http://rhn.redhat.com/errata/RHSA-2013-0757.html

https://bugzilla.redhat.com/show_bug.cgi?id=952398

https://bugzilla.redhat.com/show_bug.cgi?id=952398

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://security.gentoo.org/glsa/glsa-201406-32.xml

https://oval.cisecurity.org/repository/search/definition/ov…

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%…

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-01…

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130

http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-49…

http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0

http://www.exploit-db.com/exploits/24976

http://www.exploit-db.com/exploits/24976

http://www.mandriva.com/security/advisories?name=MDVSA-2013…

http://www.mandriva.com/security/advisories?name=MDVSA-2013:161

http://www.oracle.com/technetwork/topics/security/javacpuap…

http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

http://www.ubuntu.com/usn/USN-1806-1

http://www.ubuntu.com/usn/USN-1806-1

http://www.us-cert.gov/ncas/alerts/TA13-107A

http://www.us-cert.gov/ncas/alerts/TA13-107A