CVE-2013-2458
First published: Mon Jun 17 2013(Updated: )
It was discovered that an error related to method handles exists in the Libraries component. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle JRE | <=1.7.0 | |
| Oracle JRE | =1.7.0 | |
| Oracle JRE | =1.7.0-update1 | |
| Oracle JRE | =1.7.0-update10 | |
| Oracle JRE | =1.7.0-update11 | |
| Oracle JRE | =1.7.0-update13 | |
| Oracle JRE | =1.7.0-update15 | |
| Oracle JRE | =1.7.0-update17 | |
| Oracle JRE | =1.7.0-update2 | |
| Oracle JRE | =1.7.0-update3 | |
| Oracle JRE | =1.7.0-update4 | |
| Oracle JRE | =1.7.0-update5 | |
| Oracle JRE | =1.7.0-update6 | |
| Oracle JRE | =1.7.0-update7 | |
| Oracle JRE | =1.7.0-update9 | |
| Oracle Java SE 7 | <=1.7.0 | |
| Oracle Java SE 7 | =1.7.0 | |
| Oracle Java SE 7 | =1.7.0-update1 | |
| Oracle Java SE 7 | =1.7.0-update10 | |
| Oracle Java SE 7 | =1.7.0-update11 | |
| Oracle Java SE 7 | =1.7.0-update13 | |
| Oracle Java SE 7 | =1.7.0-update15 | |
| Oracle Java SE 7 | =1.7.0-update17 | |
| Oracle Java SE 7 | =1.7.0-update2 | |
| Oracle Java SE 7 | =1.7.0-update3 | |
| Oracle Java SE 7 | =1.7.0-update4 | |
| Oracle Java SE 7 | =1.7.0-update5 | |
| Oracle Java SE 7 | =1.7.0-update6 | |
| Oracle Java SE 7 | =1.7.0-update7 | |
| Oracle Java SE 7 | =1.7.0-update9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
- https://rhn.redhat.com/errata/RHSA-2013-0958.html
- https://rhn.redhat.com/errata/RHSA-2013-0957.html
- http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/9efb5fb77027
- https://rhn.redhat.com/errata/RHSA-2013-0963.html
- https://rhn.redhat.com/errata/RHSA-2013-1060.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-June/023849.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-June/023860.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-July/023895.html
- https://bugzilla.redhat.com/show_bug.cgi?id=975130
- http://advisories.mageia.org/MGASA-2013-0185.html
- http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
- http://marc.info/?l=bugtraq&m=137545505800971&w=2
- http://rhn.redhat.com/errata/RHSA-2013-0963.html
- http://rhn.redhat.com/errata/RHSA-2013-1060.html
- http://secunia.com/advisories/54154
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://www-01.ibm.com/support/docview.wss?uid=swg21642336
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:183
- http://www.us-cert.gov/ncas/alerts/TA13-169A
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17069
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19709
Frequently Asked Questions
What is the severity of CVE-2013-2458?
CVE-2013-2458 has been classified with a high severity level due to its potential to allow untrusted Java applications to bypass sandbox restrictions.
How do I fix CVE-2013-2458?
To remediate CVE-2013-2458, it is recommended to update to a patched version of Oracle Java SE or JDK that addresses this vulnerability.
What types of Java versions are affected by CVE-2013-2458?
CVE-2013-2458 affects Oracle Java SE 7 up to and including update 21, as well as various subsequent updates for JDK and JRE.
Can CVE-2013-2458 be exploited remotely?
Yes, CVE-2013-2458 can be exploited by an untrusted Java application or applet remotely, making it a critical concern for users.
What are the implications of CVE-2013-2458 for application security?
The implications of CVE-2013-2458 include the potential for unauthorized access and control of systems running vulnerable versions of Java.
- collector/redhat-bugzilla
- alias/CVE-2013-2458
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle jre
- version/oracle jre/1.7.0
- version/oracle jre/1.7.0-update1
- version/oracle jre/1.7.0-update10
- version/oracle jre/1.7.0-update11
- version/oracle jre/1.7.0-update13
- version/oracle jre/1.7.0-update15
- version/oracle jre/1.7.0-update17
- version/oracle jre/1.7.0-update2
- version/oracle jre/1.7.0-update3
- version/oracle jre/1.7.0-update4
- version/oracle jre/1.7.0-update5
- version/oracle jre/1.7.0-update6
- version/oracle jre/1.7.0-update7
- version/oracle jre/1.7.0-update9
- canonical/oracle java se 7
- version/oracle java se 7/1.7.0
- version/oracle java se 7/1.7.0-update1
- version/oracle java se 7/1.7.0-update10
- version/oracle java se 7/1.7.0-update11
- version/oracle java se 7/1.7.0-update13
- version/oracle java se 7/1.7.0-update15
- version/oracle java se 7/1.7.0-update17
- version/oracle java se 7/1.7.0-update2
- version/oracle java se 7/1.7.0-update3
- version/oracle java se 7/1.7.0-update4
- version/oracle java se 7/1.7.0-update5
- version/oracle java se 7/1.7.0-update6
- version/oracle java se 7/1.7.0-update7
- version/oracle java se 7/1.7.0-update9