CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-0431

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.916

EPSS Ranking 99.7%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

Proposed Action

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox.

Ransomware Campaign

Known

References

http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/
http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html
http://marc.info/?l=bugtraq&m=136439120408139&w=2
http://marc.info/?l=bugtraq&m=136439120408139&w=2
http://marc.info/?l=bugtraq&m=136439120408139&w=2
http://marc.info/?l=bugtraq&m=136439120408139&w=2
http://marc.info/?l=bugtraq&m=136733161405818&w=2
http://marc.info/?l=bugtraq&m=136733161405818&w=2
http://marc.info/?l=bugtraq&m=136733161405818&w=2
http://marc.info/?l=bugtraq&m=136733161405818&w=2
http://rhn.redhat.com/errata/RHSA-2013-0237.html
http://rhn.redhat.com/errata/RHSA-2013-0247.html
http://seclists.org/fulldisclosure/2013/Jan/142
http://seclists.org/fulldisclosure/2013/Jan/195
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717
http://www.kb.cert.org/vuls/id/858729
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
http://www.securityfocus.com/archive/1/525387/30/0/threaded
http://www.us-cert.gov/cas/techalerts/TA13-032A.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056
http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/
http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html
http://marc.info/?l=bugtraq&m=136439120408139&w=2
http://marc.info/?l=bugtraq&m=136439120408139&w=2
http://marc.info/?l=bugtraq&m=136439120408139&w=2
http://marc.info/?l=bugtraq&m=136439120408139&w=2
http://marc.info/?l=bugtraq&m=136733161405818&w=2
http://marc.info/?l=bugtraq&m=136733161405818&w=2
http://marc.info/?l=bugtraq&m=136733161405818&w=2
http://marc.info/?l=bugtraq&m=136733161405818&w=2
http://rhn.redhat.com/errata/RHSA-2013-0237.html
http://rhn.redhat.com/errata/RHSA-2013-0247.html
http://seclists.org/fulldisclosure/2013/Jan/142
http://seclists.org/fulldisclosure/2013/Jan/195
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717
http://www.kb.cert.org/vuls/id/858729
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
http://www.securityfocus.com/archive/1/525387/30/0/threaded
http://www.us-cert.gov/cas/techalerts/TA13-032A.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

Products affected by CVE-2013-0431

Oracle » Jre » Version: 1.7.0

cpe:2.3:a:oracle:jre:1.7.0
Oracle » Openjdk » Version: 7

cpe:2.3:a:oracle:openjdk:7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-0431

Products

Pricing

Contact Us