CVE-2013-0422
Vulnerability from cvelistv5
Published
2013-01-10 21:23
Modified
2024-08-06 14:25
Severity ?
Summary
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
References
secalert_us@oracle.comhttp://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.htmlNot Applicable
secalert_us@oracle.comhttp://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/Broken Link
secalert_us@oracle.comhttp://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.htmlThird Party Advisory
secalert_us@oracle.comhttp://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/Third Party Advisory
secalert_us@oracle.comhttp://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/Broken Link, Third Party Advisory
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttp://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.htmlThird Party Advisory
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2013-0156.htmlThird Party Advisory
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2013-0165.htmlThird Party Advisory
secalert_us@oracle.comhttp://seclists.org/bugtraq/2013/Jan/48Mailing List, Third Party Advisory
secalert_us@oracle.comhttp://www.kb.cert.org/vuls/id/625617Third Party Advisory, US Government Resource
secalert_us@oracle.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:095Not Applicable
secalert_us@oracle.comhttp://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.htmlVendor Advisory
secalert_us@oracle.comhttp://www.ubuntu.com/usn/USN-1693-1Third Party Advisory
secalert_us@oracle.comhttp://www.us-cert.gov/cas/techalerts/TA13-010A.htmlThird Party Advisory, US Government Resource
secalert_us@oracle.comhttps://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdfBroken Link
secalert_us@oracle.comhttps://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013Not Applicable
secalert_us@oracle.comhttps://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018Third Party Advisory
secalert_us@oracle.comhttps://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_usNot Applicable
Impacted products
n/an/a
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2022-05-25

Due date: 2022-06-15

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://nvd.nist.gov/vuln/detail/CVE-2013-0422

Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:25:10.233Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2013:0156",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0156.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html"
          },
          {
            "name": "MDVSA-2013:095",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/"
          },
          {
            "name": "openSUSE-SU-2013:0199",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html"
          },
          {
            "name": "RHSA-2013:0165",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0165.html"
          },
          {
            "name": "VU#625617",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/625617"
          },
          {
            "name": "TA13-010A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA13-010A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us"
          },
          {
            "name": "USN-1693-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1693-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013"
          },
          {
            "name": "20130110 [SE-2012-01] \u0027Fix\u0027 for Issue 32 exploited by new Java 0-day code",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2013/Jan/48"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114.  CVE-2013-0422 covers both the JMX/MBean and Reflection API issues.  NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks.  NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11.  If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-02-19T14:57:03",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "RHSA-2013:0156",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0156.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html"
        },
        {
          "name": "MDVSA-2013:095",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/"
        },
        {
          "name": "openSUSE-SU-2013:0199",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html"
        },
        {
          "name": "RHSA-2013:0165",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0165.html"
        },
        {
          "name": "VU#625617",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/625617"
        },
        {
          "name": "TA13-010A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA13-010A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us"
        },
        {
          "name": "USN-1693-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1693-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013"
        },
        {
          "name": "20130110 [SE-2012-01] \u0027Fix\u0027 for Issue 32 exploited by new Java 0-day code",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2013/Jan/48"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2013-0422",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114.  CVE-2013-0422 covers both the JMX/MBean and Reflection API issues.  NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks.  NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11.  If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2013:0156",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0156.html"
            },
            {
              "name": "http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html",
              "refsource": "MISC",
              "url": "http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html"
            },
            {
              "name": "MDVSA-2013:095",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
            },
            {
              "name": "http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/",
              "refsource": "MISC",
              "url": "http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/"
            },
            {
              "name": "openSUSE-SU-2013:0199",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html"
            },
            {
              "name": "RHSA-2013:0165",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0165.html"
            },
            {
              "name": "VU#625617",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/625617"
            },
            {
              "name": "TA13-010A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA13-010A.html"
            },
            {
              "name": "https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf",
              "refsource": "MISC",
              "url": "https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf"
            },
            {
              "name": "http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html",
              "refsource": "MISC",
              "url": "http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html"
            },
            {
              "name": "https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us",
              "refsource": "MISC",
              "url": "https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us"
            },
            {
              "name": "USN-1693-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1693-1"
            },
            {
              "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018",
              "refsource": "CONFIRM",
              "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018"
            },
            {
              "name": "http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html",
              "refsource": "MISC",
              "url": "http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html"
            },
            {
              "name": "https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013",
              "refsource": "MISC",
              "url": "https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013"
            },
            {
              "name": "20130110 [SE-2012-01] \u0027Fix\u0027 for Issue 32 exploited by new Java 0-day code",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2013/Jan/48"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html"
            },
            {
              "name": "http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/",
              "refsource": "MISC",
              "url": "http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/"
            },
            {
              "name": "http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/",
              "refsource": "MISC",
              "url": "http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2013-0422",
    "datePublished": "2013-01-10T21:23:00",
    "dateReserved": "2012-12-07T00:00:00",
    "dateUpdated": "2024-08-06T14:25:10.233Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2013-0422",
      "cwes": "[\"CWE-264\"]",
      "dateAdded": "2022-05-25",
      "dueDate": "2022-06-15",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2013-0422",
      "product": "Java Runtime Environment (JRE)",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system.",
      "vendorProject": "Oracle",
      "vulnerabilityName": "Oracle JRE Remote Code Execution Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-0422\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2013-01-10T21:55:00.777\",\"lastModified\":\"2024-04-26T16:07:03.190\",\"vulnStatus\":\"Analyzed\",\"cisaExploitAdd\":\"2022-05-25\",\"cisaActionDue\":\"2022-06-15\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Oracle JRE Remote Code Execution Vulnerability\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114.  CVE-2013-0422 covers both the JMX/MBean and Reflection API issues.  NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks.  NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11.  If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades en Java de Oracle versi\u00f3n 7 anterior a Update 11, permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario mediante (1) utilizando el m\u00e9todo p\u00fablico getMBeanInstantiator en la clase JmxMBeanServer para obtener una referencia a un objeto MBeanInstantiator privado, a continuaci\u00f3n, recuperar referencias arbitrarias Class mediante el m\u00e9todo findClass y (2) mediante la API Reflection con recursi\u00f3n de una manera que omita una comprobaci\u00f3n de seguridad mediante el m\u00e9todo java.lang.invoke.MethodHandles.Lookup.checkSecurityManager debido a la incapacidad del m\u00e9todo sun.reflect.Reflection.getCallerClass para omitir marcos relacionados con la nueva API reflection, como se explot\u00f3 \u201cin the wild\u201d en Enero de 2013, como es demostrado por Blackhole y Nuclear Pack, y una vulnerabilidad diferente de CVE-2012-4681 y CVE-2012-3174. NOTA: algunas partes han mapeado el problema recursivo de la API Reflection al CVE-2012-3174, pero el CVE-2012-3174 es para una vulnerabilidad diferente cuyos detalles no son p\u00fablicos a partir de 20130114. El CVE-2013-0422 cubre los problemas de JMX/MBean y API Reflection. NOTA: originalmente se inform\u00f3 que Java versi\u00f3n 6 tambi\u00e9n era vulnerable, pero el reportero se ha retractado de esta afirmaci\u00f3n, declarando que Java versi\u00f3n 6 no es explotable porque el c\u00f3digo relevante se llama de una manera que no omita las comprobaciones de seguridad. NOTA: a partir de 20130114, un tercero confiable ha afirmado que el vector findClass/MBeanInstantiator no se corrigi\u00f3 en Java de Oracle versi\u00f3n 7 Update 11. Si todav\u00eda hay una condici\u00f3n vulnerable, se podr\u00eda crear un identificador CVE independiente para el problema no corregido.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":10.0},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.7.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACABC935-5DD6-4F85-992E-70AD517EF41D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6152036D-6421-4AE4-9223-766FE07B5A44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE8B0935-6637-413D-B896-28E0ED7F2CEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D375CECB-405C-4E18-A7E8-9C5A2F97BD69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"52EEEA5A-E77C-43CF-A063-9D5C64EA1870\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"003746F6-DEF0-4D0F-AD97-9E335868E301\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF830E0E-0169-4B6A-81FF-2E9FCD7D913B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BAE3670-0938-480A-8472-DFF0B3A0D0BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EC967FF-26A6-4498-BC09-EC23B2B75CBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*\",\"matchCriteriaId\":\"02781457-4E40-46A9-A5F7-945232A8C2B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFAA351A-93CD-46A8-A480-CE2783CCD620\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4B153FD-E20B-4909-8B10-884E48F5B590\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*\",\"matchCriteriaId\":\"F21933FB-A27C-4AF3-9811-2DE28484A5A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"5831D70B-3854-4CB8-B88D-40F1743DAEE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA302DF3-ABBB-4262-B206-4C0F7B5B1E91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CD8A54E-185B-4D34-82EF-C0C05739EC12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FFC7F0D-1F32-4235-8359-277CE41382DF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2076871-2E80-4605-A470-A41C1A8EC7EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D806A17E-B8F9-466D-807D-3F1E77603DC8\"}]}]}],\"references\":[{\"url\":\"http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0156.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0165.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/bugtraq/2013/Jan/48\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/625617\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2013:095\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1693-1\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA13-010A.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Not Applicable\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.