← voltar
CVE-2013-1488

CVE-2013-1488

EPSS 87.0%
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.
Produtos afetados
n/a · n/a
PoCs públicas encontradas2
githubgithub.com/v-p-b/buherablog-cve-2013-14884exploitdbwww.exploit-db.com/exploits/26135não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/a19614a3dabbhttp://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.htmlhttp://lists.opensuse.org/opensuse-updates/2013-05/msg00017.htmlhttp://lists.opensuse.org/opensuse-updates/2013-06/msg00099.htmlhttp://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0752.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0757.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=920247http://security.gentoo.org/glsa/glsa-201406-32.xml