CVE-2013-2423

LOW KEV RANSOMWARE

Oracle JRE - Improper Access Control

Title source: llm

Exploitation Summary

CVE-2013-2423 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog (added May 25, 2022), with confirmed use in ransomware campaigns. EIP tracks 2 public exploits, credited to Metasploit, Jeroen Frijters and juan vazquez, including the Metasploit module exploits/multi/browser/java_jre17_reflection_types.

AI-analyzed exploit summary: This Metasploit module exploits a Java Applet Reflection Type Confusion vulnerability (CVE-2013-2423) in Java 7u17 and earlier. It leverages weak access control in setting final fields on static classes to execute arbitrary code outside the Java Sandbox.

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.
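The description above names the two reflective primitives the researcher reported: a bypass of the MethodHandles permission checks and the resulting ability to write public final fields. The following is an added example, not code from this page, from NVD or from the Metasploit module. It probes whether the running JDK enforces the guard against writing a public static final field through both java.lang.reflect.Field and java.lang.invoke.MethodHandles, the two paths a sandboxed applet had available. The class FinalFieldWriteCheck, its nested Target class and the FLAG field are constructed fixtures for the demonstration.

```java
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.reflect.Field;

// Added example (not part of this page or of the Metasploit module).
// Probes the invariant that a public static final field must not be writable
// through any reflective API. Target/FLAG are a constructed fixture; FLAG is
// initialised via parseInt so javac does not inline it as a compile-time constant.
public class FinalFieldWriteCheck {

    public static final class Target {
        public static final int FLAG = Integer.parseInt("1");
    }

    // Path 1: core reflection. setAccessible(true) does not lift the
    // static-final restriction, so every JDK is expected to throw here.
    static String viaReflection() {
        try {
            Field f = Target.class.getField("FLAG");
            f.setAccessible(true);
            f.setInt(null, 0);
            return "WRITABLE (unexpected)";
        } catch (IllegalAccessException e) {
            return "blocked: " + e.getMessage();
        } catch (ReflectiveOperationException e) {
            return "error: " + e;
        }
    }

    // Path 2: method handles. Lookup.findStaticSetter must refuse a final
    // field with IllegalAccessException before any setter handle is produced;
    // a runtime that hands back a working setter allows the public-final-field
    // write the description attributes to this CVE.
    static String viaMethodHandles() {
        try {
            MethodHandle setter = MethodHandles.lookup()
                    .findStaticSetter(Target.class, "FLAG", int.class);
            setter.invokeExact(0);
            return "WRITABLE (final-field guard missing)";
        } catch (IllegalAccessException e) {
            return "blocked: " + e.getMessage();
        } catch (Throwable t) {
            return "error: " + t;
        }
    }

    public static void main(String[] args) {
        System.out.println("java.lang.reflect.Field : " + viaReflection());
        System.out.println("java.lang.invoke        : " + viaMethodHandles());
    }
}
```

Compile and run with `javac FinalFieldWriteCheck.java && java FinalFieldWriteCheck`. On a current JDK both lines report "blocked". A runtime on which the MethodHandles line reports WRITABLE lets untrusted code rewrite public static final fields, which is the primitive the description attributes to this CVE, and should be retired rather than hardened further.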

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/24976

This Metasploit module exploits a Java Applet Reflection Type Confusion vulnerability (CVE-2013-2423) in Java 7u17 and earlier. It leverages weak access control in setting final fields on static classes to execute arbitrary code outside the Java Sandbox.

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Java Runtime Environment (JRE) 7u17 and earlier
Authentication: none needed
Prerequisites: User must accept the Java warning to run the malicious applet
Analyzed by devstral-2, Feb 18, 2026
metasploit · WORKING POC · EXCELLENT
by Jeroen Frijters, juan vazquez · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/java_jre17_reflection_types.rb

This Metasploit module exploits a Java Reflection Type Confusion vulnerability (CVE-2013-2423) in Java 7u17 and earlier, allowing remote code execution by bypassing the Java Sandbox. It uses a crafted JNLP file and applet to trigger the vulnerability, primarily targeting Internet Explorer via ActiveX.

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Java Runtime Environment (JRE) 7u17 and earlier
Authentication: none needed
Prerequisites: Target must have Java 7u17 or earlier installed · Target must visit a malicious webpage or open a malicious JNLP file
Analyzed by devstral-2, Feb 16, 2026

References (17)

Core References

Gentoo GLSA 201406-32 (vendor advisory): http://security.gentoo.org/glsa/glsa-201406-32.xml
US-CERT TA13-107A (third-party advisory, US government resource): http://www.us-cert.gov/ncas/alerts/TA13-107A
Mageia MGASA-2013-0130 (third-party advisory): https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130
Red Hat RHSA-2013:0757 (vendor advisory): http://rhn.redhat.com/errata/RHSA-2013-0757.html
Exploit-DB 24976 (exploit, VDB entry): http://www.exploit-db.com/exploits/24976
Mandriva MDVSA-2013:161 (vendor advisory): http://www.mandriva.com/security/advisories?name=MDVSA-2013:161
openSUSE update announcement (vendor advisory): http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
Red Hat RHSA-2013:0752 (vendor advisory): http://rhn.redhat.com/errata/RHSA-2013-0752.html
Ubuntu USN-1806-1 (vendor advisory): http://www.ubuntu.com/usn/USN-1806-1
Red Hat Bugzilla 952398 (issue tracking): https://bugzilla.redhat.com/show_bug.cgi?id=952398

Scores

CVSS v3.1 base score: 3.7 (Low)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector: Network
EPSS: 0.9340 (99.8th percentile)

CISA SSVC (source: Vulnrichment)

Exploitation: active
Automatable: no
Technical Impact: partial

Details

CISA KEV: 2022-05-25
VulnCheck KEV: 2013-05-20
InTheWild.io: 2014-02-21
ENISA EUVD: EUVD-2013-2369
Ransomware Use: Confirmed
CWE: CWE-284 (Improper Access Control)
Status: published
Products (3):
  canonical/ubuntu_linux 12.10
  opensuse/opensuse 12.3
  oracle/jre 1.7.0 (13 CPE variants)
Published: Apr 17, 2013
KEV Added: May 25, 2022
Tracked Since: Feb 18, 2026