Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2013-0431

Published: 31/01/2013 Updated: 26/04/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Oracle

Vulnerability Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote malicious users to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

oracle jre 1.7.0

oracle openjdk 7

Vendor Advisories

Red Hat: Critical: java-1.7.0-ibm security update
Synopsis Critical: java-170-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-170-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 5 and 6 SupplementaryThe Red Hat Security Response Team has rated this update as having criticalse ...
Red Hat: Important: java-1.7.0-openjdk security update
Synopsis Important: java-170-openjdk security update Type/Severity Security Advisory: Important Topic Updated java-170-openjdk packages that fix several security issues arenow available for Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as havingimportant secur ...
Amazon Linux AMI: ALAS-2013-156
Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE- ...

Exploits

Exploit DB: Java Applet JMX - Remote Code Execution (Metasploit) (2)
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' require 'rex' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking includ ...

Github Repositories

https://github.com/eternal-red/data-exfiltration

data-exfiltration Windows javascript file and folder exfiltration exploit for outdated vulnerabilities The javascript vulnerability uses the ActiveXObject vulnerability to get RCE ActiveXObject was a vulnerability patched in 2021 (CVE-2021-40444) The java vulnerability uses signed java applet's ability to gain privledge on the user device after the user accepts the apple

Recent Articles

Investigation Report for the September 2014 Equation malware detection incident in the US
Securelist • Kaspersky Lab • 16 Nov 2017

In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were tr...

Read more...
Java under attack – the evolution of exploits in 2012-2013
Securelist • Kaspersky Lab • 30 Oct 2013

One of the biggest problems facing the IT security industry is the use of vulnerabilities in legitimate software to launch malware attacks. Malicious programs can use these vulnerabilities to infect a computer without attracting the attention of the user – and, in some cases, without triggering an alert from security software. That’s why cyber criminals prefer these attacks, known as exploits, over other infection methods. Unlike social engineering, which can be hit or miss, the use of vulne...

Read more...

References

NVD-CWE-noinfohttp://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717http://seclists.org/fulldisclosure/2013/Jan/142http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53http://www.securityfocus.com/archive/1/525387/30/0/threadedhttp://seclists.org/fulldisclosure/2013/Jan/195http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0237.htmlhttp://www.us-cert.gov/cas/techalerts/TA13-032A.htmlhttp://www.kb.cert.org/vuls/id/858729http://rhn.redhat.com/errata/RHSA-2013-0247.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.htmlhttp://marc.info/?l=bugtraq&m=136733161405818&w=2http://marc.info/?l=bugtraq&m=136439120408139&w=2https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056http://www.mandriva.com/security/advisories?name=MDVSA-2013:095http://security.gentoo.org/glsa/glsa-201406-32.xmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579https://access.redhat.com/errata/RHSA-2013:0626https://nvd.nist.govhttps://www.exploit-db.com/exploits/24539/https://www.kb.cert.org/vuls/id/858729
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000CVE-2024-4439unauthorizedCVE-2024-0042CVE-2024-31848CVE-2023-40694cache poisoningCVE-2024-23707firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook