VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-x48j-71gg-aaag

Essentials
Severities (77)
References (52)
Severity details (44)
Exploits (3)
EPSS
History (0)

Vulnerability ID	VCID-x48j-71gg-aaag
Aliases	CVE-2013-0431
Summary	CVE-2013-0431 OpenJDK: JMX Introspector missing package access check (JMX, 8000539, SE-2012-01 Issue 52)
Status	Published
Exploitability	2.0
Weighted Severity	9.0
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
cvssv3.1	5.3	http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/
ssvc	Attend	http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/
cvssv3.1	5.3	http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
ssvc	Attend	http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
cvssv3.1	5.3	http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html
ssvc	Attend	http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html
cvssv3.1	5.3	http://marc.info/?l=bugtraq&m=136439120408139&w=2
ssvc	Attend	http://marc.info/?l=bugtraq&m=136439120408139&w=2
cvssv3.1	5.3	http://marc.info/?l=bugtraq&m=136733161405818&w=2
ssvc	Attend	http://marc.info/?l=bugtraq&m=136733161405818&w=2
cvssv3.1	5.3	http://rhn.redhat.com/errata/RHSA-2013-0237.html
ssvc	Attend	http://rhn.redhat.com/errata/RHSA-2013-0237.html
cvssv3.1	5.3	http://rhn.redhat.com/errata/RHSA-2013-0247.html
ssvc	Attend	http://rhn.redhat.com/errata/RHSA-2013-0247.html
rhas	Critical	https://access.redhat.com/errata/RHSA-2013:0237
rhas	Important	https://access.redhat.com/errata/RHSA-2013:0247
rhas	Critical	https://access.redhat.com/errata/RHSA-2013:0626
epss	0.89935	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.89935	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.90934	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.90934	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.91587	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.91587	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.91587	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.91587	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.91587	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.91587	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.91992	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.92213	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.92213	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.92213	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.92213	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.92213	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.92213	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.92213	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.92213	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.92213	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.92213	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.92213	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.92213	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.92213	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.92213	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.92213	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.92597	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.97033	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.97033	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.97033	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.97033	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.97033	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
epss	0.97033	https://api.first.org/data/v1/epss?cve=CVE-2013-0431
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=906447
cvssv3.1	5.3	http://seclists.org/fulldisclosure/2013/Jan/142
ssvc	Attend	http://seclists.org/fulldisclosure/2013/Jan/142
cvssv3.1	5.3	http://seclists.org/fulldisclosure/2013/Jan/195
ssvc	Attend	http://seclists.org/fulldisclosure/2013/Jan/195
cvssv3.1	5.3	http://security.gentoo.org/glsa/glsa-201406-32.xml
generic_textual	HIGH	http://security.gentoo.org/glsa/glsa-201406-32.xml
ssvc	Attend	http://security.gentoo.org/glsa/glsa-201406-32.xml
cvssv2	5.0	https://nvd.nist.gov/vuln/detail/CVE-2013-0431
cvssv3.1	5.3	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579
ssvc	Attend	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579
cvssv3.1	5.3	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418
ssvc	Attend	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418
cvssv3.1	5.3	https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056
ssvc	Attend	https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056
cvssv3.1	5.3	http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717
ssvc	Attend	http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717
cvssv3.1	5.3	http://www.kb.cert.org/vuls/id/858729
ssvc	Attend	http://www.kb.cert.org/vuls/id/858729
cvssv3.1	5.3	http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
ssvc	Attend	http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
cvssv3.1	5.3	http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
ssvc	Attend	http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
cvssv3.1	5.3	http://www.securityfocus.com/archive/1/525387/30/0/threaded
ssvc	Attend	http://www.securityfocus.com/archive/1/525387/30/0/threaded
cvssv3.1	5.3	http://www.us-cert.gov/cas/techalerts/TA13-032A.html
ssvc	Attend	http://www.us-cert.gov/cas/techalerts/TA13-032A.html

Reference id	Reference type	URL
		http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/
		http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
		http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html
		http://marc.info/?l=bugtraq&m=136439120408139&w=2
		http://marc.info/?l=bugtraq&m=136733161405818&w=2
		http://rhn.redhat.com/errata/RHSA-2013-0237.html
		http://rhn.redhat.com/errata/RHSA-2013-0247.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0431.json
		https://api.first.org/data/v1/epss?cve=CVE-2013-0431
		http://seclists.org/fulldisclosure/2013/Jan/142
		http://seclists.org/fulldisclosure/2013/Jan/195
		http://security.gentoo.org/glsa/glsa-201406-32.xml
		https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579
		https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418
		https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056
		http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717
		http://www.kb.cert.org/vuls/id/858729
		http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
		http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
		http://www.securityfocus.com/archive/1/525387/30/0/threaded
		http://www.us-cert.gov/cas/techalerts/TA13-032A.html
906447		https://bugzilla.redhat.com/show_bug.cgi?id=906447
cpe:2.3:a:oracle:jdk:1.7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:::::::*
cpe:2.3:a:oracle:jdk:1.7.0:update1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update1::::::
cpe:2.3:a:oracle:jdk:1.7.0:update10::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update10::::::
cpe:2.3:a:oracle:jdk:1.7.0:update11::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update11::::::
cpe:2.3:a:oracle:jdk:1.7.0:update2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update2::::::
cpe:2.3:a:oracle:jdk:1.7.0:update3::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update3::::::
cpe:2.3:a:oracle:jdk:1.7.0:update4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update4::::::
cpe:2.3:a:oracle:jdk:1.7.0:update5::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update5::::::
cpe:2.3:a:oracle:jdk:1.7.0:update6::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update6::::::
cpe:2.3:a:oracle:jdk:1.7.0:update7::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update7::::::
cpe:2.3:a:oracle:jdk:1.7.0:update9::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update9::::::
cpe:2.3:a:oracle:jre:1.7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:::::::*
cpe:2.3:a:oracle:jre:1.7.0:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:-::::::
cpe:2.3:a:oracle:jre:1.7.0:update1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update1::::::
cpe:2.3:a:oracle:jre:1.7.0:update10::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update10::::::
cpe:2.3:a:oracle:jre:1.7.0:update11::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update11::::::
cpe:2.3:a:oracle:jre:1.7.0:update2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update2::::::
cpe:2.3:a:oracle:jre:1.7.0:update3::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update3::::::
cpe:2.3:a:oracle:jre:1.7.0:update4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update4::::::
cpe:2.3:a:oracle:jre:1.7.0:update5::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update5::::::
cpe:2.3:a:oracle:jre:1.7.0:update6::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update6::::::
cpe:2.3:a:oracle:jre:1.7.0:update7::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update7::::::
cpe:2.3:a:oracle:jre:1.7.0:update9::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update9::::::
cpe:2.3:a:oracle:openjdk:7:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:7:-::::::
CVE-2013-0431		https://nvd.nist.gov/vuln/detail/CVE-2013-0431
CVE-2013-0431;OSVDB-89613	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24539.rb
GLSA-201406-32		https://security.gentoo.org/glsa/201406-32
RHSA-2013:0237		https://access.redhat.com/errata/RHSA-2013:0237
RHSA-2013:0247		https://access.redhat.com/errata/RHSA-2013:0247
RHSA-2013:0626		https://access.redhat.com/errata/RHSA-2013:0626

Data source	Exploit-DB
Date added	Feb. 25, 2013
Description	Java Applet JMX - Remote Code Execution (Metasploit) (2)
Ransomware campaign use	Known
Source publication date	Feb. 25, 2013
Exploit type	remote
Platform	multiple
Source update date	Feb. 25, 2013

Data source	KEV
Date added	May 25, 2022
Description	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox.
Required action	Apply updates per vendor instructions.
Due date	June 15, 2022
Note	https://nvd.nist.gov/vuln/detail/CVE-2013-0431
Ransomware campaign use	Known

Data source	Metasploit
Description	This module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February of 2013. Additionally, this module bypasses default security settings introduced in Java 7 Update 10 to run unsigned applet without displaying any warning to the user.
Note	{}
Ransomware campaign use	Unknown
Source publication date	Jan. 19, 2013
Platform	Java,Linux,OSX,Windows
Source URL	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/browser/java_jre17_jmxbean_2.rb

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-10T19:50:20Z/ Found at http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-10T19:50:20Z/ Found at http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-10T19:50:20Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://marc.info/?l=bugtraq&m=136439120408139&w=2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-10T19:50:20Z/ Found at http://marc.info/?l=bugtraq&m=136439120408139&w=2

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://marc.info/?l=bugtraq&m=136733161405818&w=2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-10T19:50:20Z/ Found at http://marc.info/?l=bugtraq&m=136733161405818&w=2

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2013-0237.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-10T19:50:20Z/ Found at http://rhn.redhat.com/errata/RHSA-2013-0237.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2013-0247.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-10T19:50:20Z/ Found at http://rhn.redhat.com/errata/RHSA-2013-0247.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://seclists.org/fulldisclosure/2013/Jan/142

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-10T19:50:20Z/ Found at http://seclists.org/fulldisclosure/2013/Jan/142

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://seclists.org/fulldisclosure/2013/Jan/195

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-10T19:50:20Z/ Found at http://seclists.org/fulldisclosure/2013/Jan/195

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://security.gentoo.org/glsa/glsa-201406-32.xml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-10T19:50:20Z/ Found at http://security.gentoo.org/glsa/glsa-201406-32.xml

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2013-0431

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-10T19:50:20Z/ Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-10T19:50:20Z/ Found at https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-10T19:50:20Z/ Found at https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-10T19:50:20Z/ Found at http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://www.kb.cert.org/vuls/id/858729

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-10T19:50:20Z/ Found at http://www.kb.cert.org/vuls/id/858729

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://www.mandriva.com/security/advisories?name=MDVSA-2013:095

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-10T19:50:20Z/ Found at http://www.mandriva.com/security/advisories?name=MDVSA-2013:095

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-10T19:50:20Z/ Found at http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://www.securityfocus.com/archive/1/525387/30/0/threaded

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-10T19:50:20Z/ Found at http://www.securityfocus.com/archive/1/525387/30/0/threaded

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at http://www.us-cert.gov/cas/techalerts/TA13-032A.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-10T19:50:20Z/ Found at http://www.us-cert.gov/cas/techalerts/TA13-032A.html

Exploit Prediction Scoring System (EPSS)

Percentile	0.99041
EPSS Score	0.89935
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.

Reference id	Reference type	URL
		http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/
		http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
		http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html
		http://marc.info/?l=bugtraq&m=136439120408139&w=2
		http://marc.info/?l=bugtraq&m=136733161405818&w=2
		http://rhn.redhat.com/errata/RHSA-2013-0237.html
		http://rhn.redhat.com/errata/RHSA-2013-0247.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0431.json
		https://api.first.org/data/v1/epss?cve=CVE-2013-0431
		http://seclists.org/fulldisclosure/2013/Jan/142
		http://seclists.org/fulldisclosure/2013/Jan/195
		http://security.gentoo.org/glsa/glsa-201406-32.xml
		https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579
		https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418
		https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056
		http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717
		http://www.kb.cert.org/vuls/id/858729
		http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
		http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
		http://www.securityfocus.com/archive/1/525387/30/0/threaded
		http://www.us-cert.gov/cas/techalerts/TA13-032A.html
906447		https://bugzilla.redhat.com/show_bug.cgi?id=906447
cpe:2.3:a:oracle:jdk:1.7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:::::::*
cpe:2.3:a:oracle:jdk:1.7.0:update1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update1::::::
cpe:2.3:a:oracle:jdk:1.7.0:update10::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update10::::::
cpe:2.3:a:oracle:jdk:1.7.0:update11::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update11::::::
cpe:2.3:a:oracle:jdk:1.7.0:update2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update2::::::
cpe:2.3:a:oracle:jdk:1.7.0:update3::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update3::::::
cpe:2.3:a:oracle:jdk:1.7.0:update4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update4::::::
cpe:2.3:a:oracle:jdk:1.7.0:update5::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update5::::::
cpe:2.3:a:oracle:jdk:1.7.0:update6::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update6::::::
cpe:2.3:a:oracle:jdk:1.7.0:update7::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update7::::::
cpe:2.3:a:oracle:jdk:1.7.0:update9::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update9::::::
cpe:2.3:a:oracle:jre:1.7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:::::::*
cpe:2.3:a:oracle:jre:1.7.0:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:-::::::
cpe:2.3:a:oracle:jre:1.7.0:update1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update1::::::
cpe:2.3:a:oracle:jre:1.7.0:update10::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update10::::::
cpe:2.3:a:oracle:jre:1.7.0:update11::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update11::::::
cpe:2.3:a:oracle:jre:1.7.0:update2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update2::::::
cpe:2.3:a:oracle:jre:1.7.0:update3::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update3::::::
cpe:2.3:a:oracle:jre:1.7.0:update4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update4::::::
cpe:2.3:a:oracle:jre:1.7.0:update5::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update5::::::
cpe:2.3:a:oracle:jre:1.7.0:update6::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update6::::::
cpe:2.3:a:oracle:jre:1.7.0:update7::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update7::::::
cpe:2.3:a:oracle:jre:1.7.0:update9::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update9::::::
cpe:2.3:a:oracle:openjdk:7:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:7:-::::::
CVE-2013-0431		https://nvd.nist.gov/vuln/detail/CVE-2013-0431
CVE-2013-0431;OSVDB-89613	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24539.rb
GLSA-201406-32		https://security.gentoo.org/glsa/201406-32
RHSA-2013:0237		https://access.redhat.com/errata/RHSA-2013:0237
RHSA-2013:0247		https://access.redhat.com/errata/RHSA-2013:0247
RHSA-2013:0626		https://access.redhat.com/errata/RHSA-2013:0626