Medium severity5.3NVD Advisory· Published Dec 29, 2017· Updated May 13, 2026
CVE-2013-4578
CVE-2013-4578
Description
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.
Affected products
68cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*+ 33 more
- cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*range: <=1.7.0
- cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update10_b31:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update11_b32:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update17_b31:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update17_b32:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update21:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update21_b31:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update25:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update25_b33:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update25_b34:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update25_b35:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update40:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update45:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update45_b31:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update45_b32:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update45_b33:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update45_b34:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update51:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update7_b32:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update9_b31:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update9_b32:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*+ 33 more
- cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*range: <=1.7.0
- cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update10_b31:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update11_b32:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update17_b31:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update17_b32:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update21:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update21_b31:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update25:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update25_b33:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update25_b34:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update25_b35:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update40:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update45:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update45_b31:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update45_b32:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update45_b33:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update45_b34:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update51:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update7_b32:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update9_b31:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update9_b32:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d5f36e1c927envdPatchVendor Advisory
- access.redhat.com/errata/RHSA-2014:0414nvdPatchThird Party AdvisoryVDB Entry
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party AdvisoryVDB Entry
- www.openwall.com/lists/oss-security/2015/02/08/6nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2015/02/09/9nvdMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.