Metric | Value |
---|---|
CVSS2 | 10 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
EPSS | 0.97 High |
EPSS Percentile | 99.7% |

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17
and earlier, and OpenJDK 6 and 7, allows remote attackers to execute
arbitrary code via unspecified vectors involving reflection, Libraries,
“improper toString calls,” and the JDBC driver manager, as demonstrated by
James Forshaw during a Pwn2Own competition at CanSecWest 2013.

Author | Note |
---|---|
jdstrand | No current information on this issue as of 2013-04-19 |

OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | openjdk-6 | < 6b27-1.12.5-0ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | openjdk-6 | < 6b27-1.12.5-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | openjdk-6 | < 6b27-1.12.5-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | openjdk-6 | < 6b27-1.12.5-0ubuntu0.12.10.1 | UNKNOWN |
ubuntu | 13.04 | noarch | openjdk-6 | < 6b27-1.12.5-1ubuntu1 | UNKNOWN |
ubuntu | 11.10 | noarch | openjdk-7 | < 7u21-2.3.9-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | openjdk-7 | < 7u21-2.3.9-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | openjdk-7 | < 2013-04-19 | UNKNOWN |
ubuntu | 13.04 | noarch | openjdk-7 | < 7u21-2.3.9-1ubuntu1 | UNKNOWN |

h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283/
launchpad.net/bugs/cve/CVE-2013-1488
nvd.nist.gov/vuln/detail/CVE-2013-1488
security-tracker.debian.org/tracker/CVE-2013-1488
twitter.com/thezdi/status/309425888188043264
ubuntu.com/security/notices/USN-1806-1
ubuntu.com/security/notices/USN-1819-1
www.cve.org/CVERecord?id=CVE-2013-1488