Published: 18/06/2013 Updated: 19/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and previous versions, and OpenJDK 7, allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote malicious users to bypass the Java sandbox via vectors related to "insufficient access checks" in the tracing component.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle jre 1.7.0
oracle jre
oracle jdk 1.7.0
oracle jdk

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service For the stable distribution (wheezy), these problems have been fixed in version 7u25-2310-1~deb7u1 In addition icedtea-we ...

IcedTea Web updated to work with new OpenJDK 7 ...

Several security issues were fixed in OpenJDK 7 ...

Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption (CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE- ...

This Metasploit module abuses the insecure invoke() method of the ProviderSkeleton class that allows to call arbitrary static methods with user supplied arguments The vulnerability affects Java version 7u21 and earlier ...

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' require 'rex' class Metasploit3 < Msf::Exploit::Remote Rank = GreatRanking # Because t ...

NVD-CWE-noinfo http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html https://bugzilla.redhat.com/show_bug.cgi?id=975122 http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/160cde99bb1a http://rhn.redhat.com/errata/RHSA-2013-0963.html http://secunia.com/advisories/54154 http://www-01.ibm.com/support/docview.wss?uid=swg21642336 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html http://rhn.redhat.com/errata/RHSA-2013-1060.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html http://www.us-cert.gov/ncas/alerts/TA13-169A http://marc.info/?l=bugtraq&m=137545505800971&w=2 http://www.mandriva.com/security/advisories?name=MDVSA-2013:183 http://advisories.mageia.org/MGASA-2013-0185.html http://security.gentoo.org/glsa/glsa-201406-32.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19129 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17116 https://nvd.nist.gov https://www.debian.org/security/./dsa-2722 https://usn.ubuntu.com/1907-2/https://www.exploit-db.com/exploits/26529/

CVE-2013-2460

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect