Search for vulnerabilities
Vulnerability details: VCID-q924-2z53-aaag
Vulnerability ID VCID-q924-2z53-aaag
Aliases CVE-2013-1491
Summary CVE-2013-1491 Oracle JDK: unspecified sanbox bypass (CanSecWest 2013, 2D)
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-94 Improper Control of Generation of Code ('Code Injection')
System Score Found at
rhas Critical https://access.redhat.com/errata/RHSA-2013:0757
rhas Critical https://access.redhat.com/errata/RHSA-2013:0758
rhas Critical https://access.redhat.com/errata/RHSA-2013:0822
rhas Critical https://access.redhat.com/errata/RHSA-2013:0823
rhas Important https://access.redhat.com/errata/RHSA-2013:0855
rhas Low https://access.redhat.com/errata/RHSA-2013:1455
rhas Low https://access.redhat.com/errata/RHSA-2013:1456
epss 0.32276 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.32276 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.32276 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.32276 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.32276 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.32276 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.32276 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.32276 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.32276 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.32276 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.32276 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.32276 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.48792 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.59644 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.77594 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.77594 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.77594 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.82343 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.82343 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.82343 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.82343 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.82343 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.82343 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.85961 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.85961 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.85961 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
epss 0.85961 https://api.first.org/data/v1/epss?cve=CVE-2013-1491
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=920248
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2013-1491
generic_textual Medium http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
Reference id Reference type URL
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html
http://marc.info/?l=bugtraq&m=137283787217316&w=2
http://rhn.redhat.com/errata/RHSA-2013-0757.html
http://rhn.redhat.com/errata/RHSA-2013-0758.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://rhn.redhat.com/errata/RHSA-2013-1456.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1491.json
https://api.first.org/data/v1/epss?cve=CVE-2013-1491
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16663
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19482
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19553
https://twitter.com/thezdi/status/309438311112507392
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
http://www.us-cert.gov/ncas/alerts/TA13-107A
http://www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283/
920248 https://bugzilla.redhat.com/show_bug.cgi?id=920248
cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*
CVE-2013-1491 https://nvd.nist.gov/vuln/detail/CVE-2013-1491
GLSA-201401-30 https://security.gentoo.org/glsa/201401-30
RHSA-2013:0757 https://access.redhat.com/errata/RHSA-2013:0757
RHSA-2013:0758 https://access.redhat.com/errata/RHSA-2013:0758
RHSA-2013:0822 https://access.redhat.com/errata/RHSA-2013:0822
RHSA-2013:0823 https://access.redhat.com/errata/RHSA-2013:0823
RHSA-2013:0855 https://access.redhat.com/errata/RHSA-2013:0855
RHSA-2013:1455 https://access.redhat.com/errata/RHSA-2013:1455
RHSA-2013:1456 https://access.redhat.com/errata/RHSA-2013:1456
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2013-1491
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.96586
EPSS Score 0.32276
Published At May 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.