CVE-2013-2460

EXPLOITED

Oracle Java SE <7 Update 21 - Info Disclosure

Title source: llm

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "insufficient access checks" in the tracing component.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/26529
metasploit WORKING POC GREAT
by Adam Gowdiak, s advisory and also POC · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/java_jre17_provider_skeleton.rb

Scores

EPSS 0.9171
EPSS Percentile 99.7%

Details

VulnCheck KEV 2021-08-17
Status published
Products (4)
oracle/jdk 1.7.0 (14 CPE variants)
oracle/jdk < 1.7.0
oracle/jre 1.7.0 (14 CPE variants)
oracle/jre < 1.7.0
Published Jun 18, 2013
Tracked Since Feb 18, 2026