CVE-2013-4578

Published: Dic 29, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2013-4436 Aliases: GSD-2013-4578

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: low

Availability: none

MEDIUM 5,0

Source: [email protected]

Access Vector: network

Access Complexity: low

Authentication: none

Confidentiality: none

Integrity: partial

Availability: none

Description

AI Translation Available

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0029

Percentile

0,5th

Updated

EPSS Score Trend (Last 90 Days)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Incomplete

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Access Control Other Integrity Non-Repudiation

Potential Impacts:

Read Application Data Bypass Protection Mechanism Alter Execution Logic Other Hide Activities

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update45_b32:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update25:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update45_b34:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update40:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update11_b32:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update45_b34:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update7_b32:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update21_b31:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update25_b34:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update21_b31:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update51:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update25_b33:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update45_b31:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update17_b32:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update45:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update25_b33:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update51:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update45_b33:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update21:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update21:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update45_b32:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update9_b32:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update9_b31:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update10_b31:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version Range Affected

To 1.7.0 (inclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update40:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update45_b31:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update9_b31:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update10_b31:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update45:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update25_b34:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update17_b31:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update25_b35:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update7_b32:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update9_b32:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update17_b31:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update45_b33:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update11_b32:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version Range Affected

To 1.7.0 (inclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update17_b32:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update25:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jre by Oracle

Product Information

Vendor Oracle

Product Jre

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update25_b35:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Jdk by Oracle

Product Information

Vendor Oracle

Product Jdk

Version 1.7.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d5f36e1c927e

Patch Vendor Advisory

http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d5f36e1c927e

https://access.redhat.com/errata/RHSA-2014:0414

Patch Third Party Advisory VDB Entry

https://access.redhat.com/errata/RHSA-2014:0414

https://bugzilla.redhat.com/show_bug.cgi?id=1031471

Issue Tracking Patch Third Party Advisory VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1031471

http://www.openwall.com/lists/oss-security/2015/02/08/6

Mailing List Third Party Advisory

http://www.openwall.com/lists/oss-security/2015/02/08/6

http://www.openwall.com/lists/oss-security/2015/02/09/9

Mailing List Third Party Advisory

http://www.openwall.com/lists/oss-security/2015/02/09/9

http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d5f36e1c927e

Patch Vendor Advisory

http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d5f36e1c927e

https://access.redhat.com/errata/RHSA-2014:0414

Patch Third Party Advisory VDB Entry

https://access.redhat.com/errata/RHSA-2014:0414

https://bugzilla.redhat.com/show_bug.cgi?id=1031471

Issue Tracking Patch Third Party Advisory VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1031471

http://www.openwall.com/lists/oss-security/2015/02/08/6

Mailing List Third Party Advisory

http://www.openwall.com/lists/oss-security/2015/02/08/6

http://www.openwall.com/lists/oss-security/2015/02/09/9

Mailing List Third Party Advisory

http://www.openwall.com/lists/oss-security/2015/02/09/9