← back
CVE-2013-4578

CVE-2013-4578

EPSS 2.4%
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d5f36e1c927ehttps://access.redhat.com/errata/RHSA-2014:0414https://bugzilla.redhat.com/show_bug.cgi?id=1031471http://www.openwall.com/lists/oss-security/2015/02/08/6http://www.openwall.com/lists/oss-security/2015/02/09/9