VYPR
Get started
← All advisories
Low severity3.7CISA KEVNVD Advisory· Published Apr 17, 2013· Updated Apr 22, 2026

CVE-2013-2423

CVE-2013-2423

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.

Affected products

15
  • Oracle Corporation/Jre13 versions
    cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
    • cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
  • Canonical/Ubuntu Linux
    cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
  • OpenSUSE/openSUSE
    cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

17

News mentions

0

No linked articles in our index yet.