Vulnerability details: VCID-sny2-vgwn-aaas
Vulnerability ID VCID-sny2-vgwn-aaas
Aliases CVE-2013-0422
Summary CVE-2013-0422 OpenJDK: MethodHandles.Lookup incorrect permission checks, Java 7 0day (Libraries, 8006017)
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
cvssv3.1 9.8 http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html
ssvc Act http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html
cvssv3.1 9.8 http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/
ssvc Act http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/
cvssv3.1 9.8 http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html
ssvc Act http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html
cvssv3.1 9.8 http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
ssvc Act http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
cvssv3.1 9.8 http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/
ssvc Act http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/
cvssv3.1 9.8 http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html
ssvc Act http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html
cvssv3.1 9.8 http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html
ssvc Act http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html
cvssv3.1 9.8 http://rhn.redhat.com/errata/RHSA-2013-0156.html
ssvc Act http://rhn.redhat.com/errata/RHSA-2013-0156.html
cvssv3.1 9.8 http://rhn.redhat.com/errata/RHSA-2013-0165.html
ssvc Act http://rhn.redhat.com/errata/RHSA-2013-0165.html
rhas Critical https://access.redhat.com/errata/RHSA-2013:0156
rhas Important https://access.redhat.com/errata/RHSA-2013:0165
rhas Critical https://access.redhat.com/errata/RHSA-2013:0626
epss 0.91689 https://api.first.org/data/v1/epss?cve=CVE-2013-0422
epss 0.93624 https://api.first.org/data/v1/epss?cve=CVE-2013-0422
epss 0.93647 https://api.first.org/data/v1/epss?cve=CVE-2013-0422
epss 0.97228 https://api.first.org/data/v1/epss?cve=CVE-2013-0422
epss 0.97291 https://api.first.org/data/v1/epss?cve=CVE-2013-0422
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=894172
cvssv3.1 9.8 http://seclists.org/bugtraq/2013/Jan/48
ssvc Act http://seclists.org/bugtraq/2013/Jan/48
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2013-0422
cvssv3.1 9.8 https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf
ssvc Act https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf
cvssv3.1 9.8 https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013
ssvc Act https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013
cvssv3.1 9.8 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018
ssvc Act https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018
cvssv3.1 9.8 https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us
ssvc Act https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us
cvssv3.1 9.8 http://www.kb.cert.org/vuls/id/625617
ssvc Act http://www.kb.cert.org/vuls/id/625617
cvssv3.1 9.8 http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
ssvc Act http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
cvssv3.1 9.8 http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
ssvc Act http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
cvssv3.1 9.8 http://www.ubuntu.com/usn/USN-1693-1
ssvc Act http://www.ubuntu.com/usn/USN-1693-1
cvssv3.1 9.8 http://www.us-cert.gov/cas/techalerts/TA13-010A.html
ssvc Act http://www.us-cert.gov/cas/techalerts/TA13-010A.html
Reference id Reference type URL
http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html
http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/
http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html
http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html
http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html
http://rhn.redhat.com/errata/RHSA-2013-0156.html
http://rhn.redhat.com/errata/RHSA-2013-0165.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0422.json
https://api.first.org/data/v1/epss?cve=CVE-2013-0422
http://seclists.org/bugtraq/2013/Jan/48
https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf
https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018
https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us
http://www.kb.cert.org/vuls/id/625617
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
http://www.ubuntu.com/usn/USN-1693-1
http://www.us-cert.gov/cas/techalerts/TA13-010A.html
894172 https://bugzilla.redhat.com/show_bug.cgi?id=894172
cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
CVE-2013-0422 https://nvd.nist.gov/vuln/detail/CVE-2013-0422
CVE-2013-0422;OSVDB-89059 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/24045.rb
GLSA-201401-30 https://security.gentoo.org/glsa/201401-30
RHSA-2013:0156 https://access.redhat.com/errata/RHSA-2013:0156
RHSA-2013:0165 https://access.redhat.com/errata/RHSA-2013:0165
RHSA-2013:0626 https://access.redhat.com/errata/RHSA-2013:0626
USN-1693-1 https://usn.ubuntu.com/1693-1/
Data source Exploit-DB
Date added Jan. 11, 2013
Description Java Applet JMX - Remote Code Execution (Metasploit) (1)
Ransomware campaign use Known
Source publication date Jan. 11, 2013
Exploit type remote
Platform java
Source update date Jan. 11, 2013
Data source KEV
Date added May 25, 2022
Description A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system.
Required action Apply updates per vendor instructions.
Due date June 15, 2022
Note
https://nvd.nist.gov/vuln/detail/CVE-2013-0422
Ransomware campaign use Unknown
Data source Metasploit
Description This module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in January of 2013. The vulnerability affects Java version 7u10 and earlier.
Ransomware campaign use Unknown
Source publication date Jan. 10, 2013
Platform Java,Linux,OSX,Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/browser/java_jre17_jmxbean.rb
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:51:35Z/ Found at http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:51:35Z/ Found at http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:51:35Z/ Found at http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:51:35Z/ Found at http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:51:35Z/ Found at http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:51:35Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:51:35Z/ Found at http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2013-0156.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:51:35Z/ Found at http://rhn.redhat.com/errata/RHSA-2013-0156.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2013-0165.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:51:35Z/ Found at http://rhn.redhat.com/errata/RHSA-2013-0165.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/bugtraq/2013/Jan/48
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:51:35Z/ Found at http://seclists.org/bugtraq/2013/Jan/48
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2013-0422
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:51:35Z/ Found at https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:51:35Z/ Found at https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:51:35Z/ Found at https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:51:35Z/ Found at https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.kb.cert.org/vuls/id/625617
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:51:35Z/ Found at http://www.kb.cert.org/vuls/id/625617
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:51:35Z/ Found at http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:51:35Z/ Found at http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.ubuntu.com/usn/USN-1693-1
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:51:35Z/ Found at http://www.ubuntu.com/usn/USN-1693-1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.us-cert.gov/cas/techalerts/TA13-010A.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T19:51:35Z/ Found at http://www.us-cert.gov/cas/techalerts/TA13-010A.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.99155
EPSS Score 0.91689
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.