Vulnerability details: VCID-8r3h-mg3u-y3gd
Vulnerability ID VCID-8r3h-mg3u-y3gd
Aliases CVE-2013-2423
Summary OpenJDK: incorrect setter access checks in MethodHandles (Hotspot, 8009677)
Status Published
Exploitability None
Weighted Severity None
Risk None
Weaknesses (0)
There are no known CWEs.
System Score Found at
cvssv3.1 3.7 http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
ssvc Track http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
cvssv3.1 3.7 http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html
ssvc Track http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html
cvssv3.1 3.7 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f
ssvc Track http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f
cvssv3.1 3.7 http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
ssvc Track http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
cvssv3.1 3.7 http://rhn.redhat.com/errata/RHSA-2013-0752.html
ssvc Track http://rhn.redhat.com/errata/RHSA-2013-0752.html
cvssv3.1 3.7 http://rhn.redhat.com/errata/RHSA-2013-0757.html
ssvc Track http://rhn.redhat.com/errata/RHSA-2013-0757.html
epss 0.93397 https://api.first.org/data/v1/epss?cve=CVE-2013-2423
cvssv3.1 3.7 https://bugzilla.redhat.com/show_bug.cgi?id=952398
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=952398
cvssv3.1 3.7 http://security.gentoo.org/glsa/glsa-201406-32.xml
ssvc Track http://security.gentoo.org/glsa/glsa-201406-32.xml
cvssv3.1 3.7 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700
ssvc Track https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700
cvssv3.1 3.7 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130
ssvc Track https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130
cvssv3.1 3.7 http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0
ssvc Track http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0
cvssv3.1 3.7 http://www.exploit-db.com/exploits/24976
ssvc Track http://www.exploit-db.com/exploits/24976
cvssv3.1 3.7 http://www.mandriva.com/security/advisories?name=MDVSA-2013:161
ssvc Track http://www.mandriva.com/security/advisories?name=MDVSA-2013:161
cvssv3.1 3.7 http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
ssvc Track http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
cvssv3.1 3.7 http://www.ubuntu.com/usn/USN-1806-1
ssvc Track http://www.ubuntu.com/usn/USN-1806-1
cvssv3.1 3.7 http://www.us-cert.gov/ncas/alerts/TA13-107A
ssvc Track http://www.us-cert.gov/ncas/alerts/TA13-107A
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2423.json
https://api.first.org/data/v1/epss?cve=CVE-2013-2423
24976 http://www.exploit-db.com/exploits/24976
952398 https://bugzilla.redhat.com/show_bug.cgi?id=952398
advisories?name=MDVSA-2013:161 http://www.mandriva.com/security/advisories?name=MDVSA-2013:161
b453d9be6b3f http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f
CVE-2013-2423;OSVDB-92348 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24976.rb
GLSA-201401-30 https://security.gentoo.org/glsa/201401-30
GLSA-201406-32 https://security.gentoo.org/glsa/201406-32
javacpuapr2013-1928497.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
java-is-so-confusing.html http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html
MGASA-2013-0130 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130
msg00099.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
oval%3Aorg.mitre.oval%3Adef%3A16700 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700
PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0 http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0
RHSA-2013:0751 https://access.redhat.com/errata/RHSA-2013:0751
RHSA-2013:0752 https://access.redhat.com/errata/RHSA-2013:0752
RHSA-2013-0752.html http://rhn.redhat.com/errata/RHSA-2013-0752.html
RHSA-2013:0757 https://access.redhat.com/errata/RHSA-2013:0757
RHSA-2013-0757.html http://rhn.redhat.com/errata/RHSA-2013-0757.html
RHSA-2013:0822 https://access.redhat.com/errata/RHSA-2013:0822
security-icedtea-2-3-9-for-openjdk-7-released http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
TA13-107A http://www.us-cert.gov/ncas/alerts/TA13-107A
USN-1806-1 https://usn.ubuntu.com/1806-1/
USN-1806-1 http://www.ubuntu.com/usn/USN-1806-1
Data source Exploit-DB
Date added April 23, 2013
Description Java Applet - Reflection Type Confusion Remote Code Execution (Metasploit)
Ransomware campaign use Known
Source publication date April 23, 2013
Exploit type remote
Platform multiple
Source update date April 23, 2013
Data source Metasploit
Description This module abuses Java Reflection to generate a Type Confusion, due to a weak access control when setting final fields on static classes, and run code outside of the Java Sandbox. The vulnerability affects Java version 7u17 and earlier. This exploit bypasses click-to-play through a specially crafted JNLP file. This bypass is applied mainly to IE, when Java Web Start can be launched automatically through the ActiveX control. Otherwise the applet is launched without click-to-play bypass.
Note
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
Ransomware campaign use Unknown
Source publication date Jan. 10, 2013
Platform Java,Linux,OSX,Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/browser/java_jre17_reflection_types.rb
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://blog.spiderlabs.com/2013/04/java-is-so-confusing.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b453d9be6b3f
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://rhn.redhat.com/errata/RHSA-2013-0752.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://rhn.redhat.com/errata/RHSA-2013-0752.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://rhn.redhat.com/errata/RHSA-2013-0757.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://rhn.redhat.com/errata/RHSA-2013-0757.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=952398
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=952398
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://security.gentoo.org/glsa/glsa-201406-32.xml
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://security.gentoo.org/glsa/glsa-201406-32.xml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16700
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://weblog.ikvm.net/PermaLink.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://www.exploit-db.com/exploits/24976
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://www.exploit-db.com/exploits/24976
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://www.mandriva.com/security/advisories?name=MDVSA-2013:161
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://www.mandriva.com/security/advisories?name=MDVSA-2013:161
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://www.ubuntu.com/usn/USN-1806-1
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://www.ubuntu.com/usn/USN-1806-1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://www.us-cert.gov/ncas/alerts/TA13-107A
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:17Z/ Found at http://www.us-cert.gov/ncas/alerts/TA13-107A
Exploit Prediction Scoring System (EPSS)
Percentile 0.99823
EPSS Score 0.93397
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T10:08:59.279236+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2423.json 38.6.0