CVE-2013-0431

CVSS 5.3 MEDIUM · EPSS 90.0% · KEV · CWE-693
In short

A flaw in Java's security sandbox allows attackers to escape restrictions and run malicious code if a user interacts with a specially crafted file or website. This bypasses Java's built-in protections that normally prevent untrusted programs from accessing your system.

Technical detail

An unspecified vulnerability in the JMX (Java Management Extensions) subsystem of Oracle Java SE 7 (up to Update 11) and OpenJDK 7 permits user-assisted remote code execution by circumventing sandbox restrictions. The attack vector requires user interaction and exploits weaknesses in the security manager's access control mechanisms, enabling arbitrary code execution outside the intended security boundary.

Summary generated and translated by AI from the official description.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
n/a · n/a