CVE-2013-0422
Published 2013-01-10
Priority P1 · critical 9.8 (CVSS 3.1) · vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Flags: CISA Known Exploited Vulnerability (remediation due 2022-06-15) · exploited in the wild · public exploit · known ransomware use
EPSS 97.61% (99.9th percentile)
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| opensuse | opensuse | — | — |
| oracle | jdk | — | — |
| oracle | jre | — | — |
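The version-range column above is empty, so here is a concrete check. This is an added example for this page, not vendor code: it parses `java -version` banners (the samples below are constructed) and applies the range stated in the advisory text, Oracle Java 7 before Update 11. The `check_distro_package` outcome rests on an assumption that OpenJDK/IcedTea builds keep the upstream update number while distributions backport the fix, so for those builds the banner alone is inconclusive.

```python
"""Classify Java runtimes against the CVE-2013-0422 affected range.

Added example for this page, not vendor code. It parses the stderr banner
printed by `java -version` (e.g. java version "1.7.0_10") and applies the
advisory range, Oracle Java 7 before Update 11. Sample banners are constructed.
"""
import re

AFFECTED_MAJOR = 7      # the advisory names Java 7 only
FIXED_UPDATE = 11       # Java 7 Update 11 is the fix release

# java version "1.7.0_10" -> major 7, update 10 ; java version "1.7.0" -> update 0
_BANNER_RE = re.compile(r'version "1\.(?P<major>\d+)\.\d+(?:_(?P<update>\d+))?')


def parse_java_version(banner: str):
    """Return (major, update) from a `java -version` banner, or None if absent."""
    m = _BANNER_RE.search(banner)
    if m is None:
        return None
    update = int(m.group("update") or 0)
    return int(m.group("major")), update


def classify(banner: str) -> str:
    """'affected', 'not_affected' or 'check_distro_package'.

    Assumption: OpenJDK/IcedTea builds keep the upstream update number while the
    distribution backports the fix, so for them the banner is inconclusive and
    the package version has to be checked instead.
    """
    parsed = parse_java_version(banner)
    if parsed is None:
        raise ValueError("no Java version string in banner")
    major, update = parsed
    if major != AFFECTED_MAJOR or update >= FIXED_UPDATE:
        return "not_affected"
    if "OpenJDK" in banner or "icedtea" in banner.lower():
        return "check_distro_package"
    return "affected"


# Constructed sample banners, one per host label (not captured from real systems).
SAMPLE_BANNERS = {
    "host-7u10": 'java version "1.7.0_10"\nJava(TM) SE Runtime Environment (build 1.7.0_10-b18)',
    "host-7u11": 'java version "1.7.0_11"\nJava(TM) SE Runtime Environment (build 1.7.0_11-b21)',
    "host-7u0": 'java version "1.7.0"\nJava(TM) SE Runtime Environment (build 1.7.0-b147)',
    "host-6u38": 'java version "1.6.0_38"\nJava(TM) SE Runtime Environment (build 1.6.0_38-b05)',
    "host-icedtea": 'java version "1.7.0_09-icedtea"\nOpenJDK Runtime Environment (IcedTea7 2.3.3)',
}


def triage(banners: dict) -> dict:
    """Map host label -> classification for a batch of collected banners."""
    return {host: classify(b) for host, b in banners.items()}


if __name__ == "__main__":
    for host, result in triage(SAMPLE_BANNERS).items():
        print(f"{host:14s} {result}")
```

`not_affected` means outside the advisory's stated range, not a guarantee: the NVD note above records a third-party claim that the findClass/MBeanInstantiator vector was not fixed in 7 Update 11, and the attack surface is the browser plugin, which the CERT and Mozilla entries on this page recommend disabling regardless of version.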
Detection & IOCs (extracted from sources)
- CVE-2013-0422 exploitation calls the public getMBeanInstantiator method of JmxMBeanServer to obtain a reference to the private MBeanInstantiator object, then uses its findClass method to retrieve arbitrary Class references: look for applet code that references these JMX/MBean APIs.
- The second vector uses the Reflection API recursively to bypass java.lang.invoke.MethodHandles.Lookup.checkSecurityManager, because sun.reflect.Reflection.getCallerClass could not skip frames belonging to the new reflection API: look for applet code that combines MethodHandles.Lookup with reflective invocation.
- CVE-2013-0422 was incorporated into the Blackhole and Nuclear Pack exploit kits as a zero-day in January 2013; detections of these kits on compromised or malicious sites should be correlated with this CVE.
- A public Metasploit module exists for CVE-2013-0422 (Java Applet JMX Remote Code Execution); network signatures for the applet/JAR it serves apply to Java browser-plugin traffic.
- Java 6 was initially reported as vulnerable, but the reporter retracted the claim: Java 6 is not exploitable because the relevant code is called in a way that does not bypass the security checks.
- A reliable third party claimed that the findClass/MBeanInstantiator vector was not fully fixed in Java 7 Update 11; a separate CVE may apply if that vector remains exploitable after patching.
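The two vectors in the description above (JmxMBeanServer.getMBeanInstantiator followed by MBeanInstantiator.findClass, and the MethodHandles.Lookup.checkSecurityManager bypass) leave API references in an applet's constant pool, which is a more durable triage signal than kit-specific strings. The following is an added example, not code from the page, a vendor or Metasploit: a small class-file constant-pool parser that resolves member references and scans JAR entries for those APIs. The indicator table is assembled from the CVE text, and the sample class and JAR bytes are constructed inside the block.

```python
"""Flag Java class files / JARs that reference the APIs named in CVE-2013-0422.
Added example for this page (not vendor or Metasploit code): parses the class-file
constant pool, resolves Methodref entries to "owner.member" and matches them against
the CVE's JMX and MethodHandles/Reflection APIs. Samples below are constructed."""
import io
import struct
import zipfile

# (owner class, member) pairs from the CVE text; the bare member name is also matched
# as a Utf8 constant because exploits often reach these members via reflection.
INDICATORS = {
    "jmx_instantiator": ("com/sun/jmx/mbeanserver/JmxMBeanServer", "getMBeanInstantiator"),
    "jmx_findclass": ("com/sun/jmx/mbeanserver/MBeanInstantiator", "findClass"),
    "lookup_check": ("java/lang/invoke/MethodHandles$Lookup", "checkSecurityManager"),
    "caller_class": ("sun/reflect/Reflection", "getCallerClass"),
}
# constant-pool tag -> fixed payload size; tag 1 (Utf8) is variable length
_FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
          15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def parse_constant_pool(data: bytes) -> dict:
    """Return {index: (tag, payload)}; Utf8 payloads are decoded to str."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a class file")
    (count,) = struct.unpack(">H", data[8:10])
    pool, pos, idx = {}, 10, 1
    while idx < count:
        tag, pos = data[pos], pos + 1
        if tag == 1:
            (length,) = struct.unpack(">H", data[pos:pos + 2])
            pool[idx] = (tag, data[pos + 2:pos + 2 + length].decode("utf-8", "replace"))
            pos += 2 + length
        elif tag in _FIXED:
            pool[idx] = (tag, data[pos:pos + _FIXED[tag]])
            pos += _FIXED[tag]
        else:
            raise ValueError(f"unknown constant tag {tag}")
        idx += 2 if tag in (5, 6) else 1  # Long and Double occupy two slots
    return pool

def member_refs(pool: dict) -> set:
    """Resolve Fieldref/Methodref/InterfaceMethodref entries to 'owner.member'."""
    refs = set()
    for tag, payload in pool.values():
        if tag in (9, 10, 11):
            class_idx, nat_idx = struct.unpack(">HH", payload)
            (owner_idx,) = struct.unpack(">H", pool[class_idx][1])
            member_idx, _desc_idx = struct.unpack(">HH", pool[nat_idx][1])
            refs.add(f"{pool[owner_idx][1]}.{pool[member_idx][1]}")
    return refs

def scan_class(data: bytes) -> set:
    """Indicator labels present in one class file."""
    pool = parse_constant_pool(data)
    refs = member_refs(pool)
    strings = {p for t, p in pool.values() if t == 1}
    return {label for label, (owner, member) in INDICATORS.items()
            if f"{owner}.{member}" in refs or member in strings}

def scan_jar(jar_bytes: bytes) -> dict:
    """{class member name: hits} for every .class entry in a JAR with any hit."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        found = {n: scan_class(zf.read(n)) for n in zf.namelist() if n.endswith(".class")}
    return {n: h for n, h in found.items() if h}

def verdict(hits: set) -> str:
    """JMX chain needs both steps (findClass alone is normal in class loaders);
    the reflection chain is flagged on the Lookup.checkSecurityManager reference."""
    if {"jmx_instantiator", "jmx_findclass"} <= hits or "lookup_check" in hits:
        return "suspicious"
    return "clean"

# --- constructed samples: minimal class files carrying only a constant pool ---
def _build_class(method_refs) -> bytes:
    entries = []
    def add(entry):            # append and return its 1-based pool index
        entries.append(entry)
        return len(entries)
    def utf8(s):
        return add(b"\x01" + struct.pack(">H", len(s)) + s.encode())
    for owner, member in method_refs:
        cls = add(b"\x07" + struct.pack(">H", utf8(owner)))
        nat = add(b"\x0c" + struct.pack(">HH", utf8(member), utf8("()V")))
        add(b"\x0a" + struct.pack(">HH", cls, nat))   # CONSTANT_Methodref
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 51, len(entries) + 1) + b"".join(entries)

EXPLOIT_LIKE = _build_class([
    ("com/sun/jmx/mbeanserver/JmxMBeanServer", "getMBeanInstantiator"),
    ("com/sun/jmx/mbeanserver/MBeanInstantiator", "findClass"),
])
BENIGN = _build_class([("java/lang/Object", "<init>"), ("java/io/PrintStream", "println")])

def _build_jar(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

SAMPLE_JAR = _build_jar({"a/Loader.class": EXPLOIT_LIKE, "a/Util.class": BENIGN})

if __name__ == "__main__":
    for name, hits in scan_jar(SAMPLE_JAR).items():
        print(name, sorted(hits), verdict(hits))
```

Both JMX indicators are required for a hit because `findClass` on its own is ordinary in custom class loaders. Bare member names are matched as well, since exploits commonly reach such members through reflection or MethodHandles rather than a direct call site; string obfuscation in exploit kits defeats the check entirely, so a clean result means "nothing found", not "safe".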
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | — | 10.0 | CRITICAL | — |
| cisa | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 10.0 | CRITICAL | — |
VulDB
Oracle Java 1.7.x setSecurityManager access control (VU#625617 / EDB-24045)
vuldb·2026-05-21·CVSS 9.8
CVE-2013-0422 [CRITICAL] Oracle Java 1.7.x setSecurityManager access control (VU#625617 / EDB-24045)
A vulnerability was found in Oracle Java 1.7.x and classified as very critical. It affects the function setSecurityManager, reachable because the check in java.lang.invoke.MethodHandles.Lookup.checkSecurityManager can be bypassed. Executing a manipulation can lead to improper access controls.
This vulnerability is tracked as CVE-2013-0422. The attack can be launched remotely. Moreover, an exploit is present. This vulnerability has a historic impact due to its background and reception.
It is suggested to upgrade the affected component.
GHSA
GHSA-xcww-3952-xr69: Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2012-3174 [CRITICAL] GHSA-xcww-3952-xr69: Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown
Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114.
GHSA
GHSA-r293-6mhc-29xx: Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiat
ghsa_unreviewed·2022-05-05·CVSS 10.0
CVE-2013-0422 [CRITICAL] CWE-284 GHSA-r293-6mhc-29xx: Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiat
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recu
VulnCheck
Oracle JRE Remote Code Execution Vulnerability
vulncheck·2013·CVSS 9.8
CVE-2013-0422 [CRITICAL] CWE-264 Oracle JRE Remote Code Execution Vulnerability
Oracle JRE Remote Code Execution Vulnerability
A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system.
Affected: Oracle Java Runtime Environment (JRE)
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.cve.org/CVERecord?id=CVE-2013-0422; https://cisa.gov/news-events/alerts/2013/01/10/oracle-java-7-security-manager-bypass-vulnerability; https://www.virusbulletin.com/virusbulletin/2013/04/java-security-era-byod; https://kung_foo.keybase.pub/papers_and_presentations/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf; https://krebsonsecurity.com/2013/07/styx-exploit-pack-domo-arigato-pc-roboto/; https://securelist.com/the-icef
VulnCheck
Oracle Java 7 before Update 11 Unspecified Vulnerability
vulncheck·2012·CVSS 10.0
CVE-2012-3174 [CRITICAL] Oracle Java 7 before Update 11 Unspecified Vulnerability
Oracle Java 7 before Update 11 Unspecified Vulnerability
Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114.
Affected: Oracle jdk
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.virusbulletin.com/virusbulletin/2013/04/java-security-era-byo
CISA
Oracle JRE Remote Code Execution Vulnerability
cisa·2022-05-25·CVSS 9.8
CVE-2013-0422 [CRITICAL] CWE-264 Oracle JRE Remote Code Execution Vulnerability
Vulnerability: Oracle JRE Remote Code Execution Vulnerability
Affected: Oracle Java Runtime Environment (JRE)
A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2013-0422
Remediation Due Date: 2022-06-15
Ubuntu
OpenJDK 7 vulnerabilities
vendor_ubuntu·2013-01-16
CVE-2012-3174 OpenJDK 7 vulnerabilities
Title: OpenJDK 7 vulnerabilities
Summary: OpenJDK 7 could be made to crash or run programs as your login if it opened a specially crafted Java applet.
It was discovered that OpenJDK 7's security mechanism could be bypassed via Java applets. If a user were tricked into opening a malicious website, a remote attacker could exploit this to perform arbitrary code execution as the user invoking the program.
Instructions: After a standard system update you need to restart your browser to make all the necessary changes.
Red Hat
OpenJDK: MethodHandles incorrect permission checks (Libraries, 8004933)
vendor_redhat·2013-01-13·CVSS 10.0
CVE-2012-3174 [CRITICAL] OpenJDK: MethodHandles incorrect permission checks (Libraries, 8004933)
OpenJDK: MethodHandles incorrect permission checks (Libraries, 8004933)
Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114.
Package: java-1.5.0-ibm (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.6.0-ibm (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.5.0-ibm (Red Hat Enterprise Linux 6) - Not affected
Package: java-1.6.0-ibm (Red Hat Enterprise Linux 6) -
Red Hat
OpenJDK: MethodHandles.Lookup incorrect permission checks, Java 7 0day (Libraries, 8006017)
vendor_redhat·2013-01-10·CVSS 10.0
CVE-2013-0422 [CRITICAL] OpenJDK: MethodHandles.Lookup incorrect permission checks, Java 7 0day (Libraries, 8006017)
OpenJDK: MethodHandles.Lookup incorrect permission checks, Java 7 0day (Libraries, 8006017)
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a differen
Exploit-DB
Java Applet JMX - Remote Code Execution (Metasploit) (1)
exploitdb·2013-01-11
CVE-2013-0422 Java Applet JMX - Remote Code Execution (Metasploit) (1)
Java Applet JMX - Remote Code Execution (Metasploit) (1)
---
```ruby
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##

require 'msf/core'
require 'rex'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpServer::HTML
  include Msf::Exploit::EXE
  include Msf::Exploit::Remote::BrowserAutopwn
  autopwn_info({ :javascript => false })

  def initialize( info = {} )
    super( update_info( info,
      'Name'           => 'Java Applet JMX Remote Code Execution',
      'Description'    => %q{
          This module abuses the JMX classes from a Java Applet to run arbitrary Java
        code outside of the sandbox as exploited in the wild in January of 2013. The
        vulnerability affects Java version 7u10 and earlier.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'Unknown', # Vulnerability discovery
          'egypt',   # Metasploit mod
```
Metasploit
Java Applet JMX Remote Code Execution
metasploit
Java Applet JMX Remote Code Execution
This module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in January of 2013. The vulnerability affects Java version 7u10 and earlier.
Securelist
Investigation Report for the September 2014 Equation malware detection incident in the US
blogs_securelist·2017-11-16
Investigation Report for the September 2014 Equation malware detection incident in the US
Authors
- Kaspersky
## Background
In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were true, we decided to conduct an internal investigation to attempt to answer a few questions we had related to the article and some others that followed it:
1. Was our software used outside of its intended functionality to pull classified information from a person’s c
Krebs
Styx Exploit Pack: Domo Arigato, PC Roboto
blogs_krebs·2013-07-08
Styx Exploit Pack: Domo Arigato, PC Roboto
Not long ago, miscreants who wanted to buy an exploit kit — automated software that helps booby-trap hacked sites to deploy malicious code — had to be fairly well-connected, or at least have access to semi-private underground forums. These days, some exploit kit makers are brazenly advertising and offering their services out in the open, marketing their wares as browser vulnerability “stress-test platforms.”
Styx Pack victims, by browser and OS version.
Aptly named after the river in Greek mythology that separates mere mortals from the underworld, the Styx exploit pack is a high-end software package that is made for the underground but marketed and serviced at the public styx-crypt[dot]com. The purveyors of this malware-as-a-service also have made a 24 hour virtual help desk available to
Krebs
Flaw Flood Busts Bug Bank
blogs_krebs·2013-02-04·CVSS 9.8
[CRITICAL] Flaw Flood Busts Bug Bank
The Common Vulnerability & Exposures (CVE) index, the industry standard for cataloging software security flaws, is growing so rapidly that it will soon be adding a few more notches to its belt: The CVE said it plans to allow for up to 100 times more individual vulnerabilities to be indexed each year to accommodate an increasing number of software flaw reports.
Currently, when a vulnerability is reported or discovered, it is assigned a CVE number that corresponds to the year it was reported, followed by a unique 4-digit number. For example, a recent zero-day Java flaw discovered earlier this year was assigned the identifier CVE-2013-0422. But in a recent publication, The MITRE Corp., the organization that maintains the index, said it wanted to hear feedback on several proposed changes, suc
Krebs
Oracle Ships Critical Security Update for Java
blogs_krebs·2013-01-13·CVSS 9.8
CVE-2013-0422 [CRITICAL] Oracle Ships Critical Security Update for Java
Oracle has released a software update to fix a critical security vulnerability in its Java software that miscreants and malware have been exploiting to break into vulnerable computers.
Java 7 Update 11 fixes a critical flaw (CVE-2013-0422) in Java 7 Update 10 and earlier versions of Java 7. The update is available via Oracle’s Web site, or can be downloaded from with Java via the Java Control Panel. Existing users should be able to update by visiting the Windows Control Panel and clicking the Java icon, or by searching for “Java” and clicking the “Update Now” button from the Update tab.
This update also changes the way Java handles Web applications. According to Oracle’s advisory: “The default security level for Java applets and web start applications has been increased from “Medium” to
Krebs
Zero-Day Java Exploit Debuts in Crimeware
blogs_krebs·2013-01-10·CVSS 9.8
[CRITICAL] Zero-Day Java Exploit Debuts in Crimeware
The hackers who maintain Blackhole and Nuclear Pack — competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they’ve added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java.
The curator of Blackhole, a miscreant who uses the nickname “Paunch,” announced yesterday on several Underweb forums that the Java zero-day was a “New Year’s Gift,” to customers who use his exploit kit. Paunch bragged that his was the first to include the powerful offensive weapon, but shortly afterwards the same announcement was made by the maker and seller of Nuclear Pack.
According to both crimeware authors, the vulnerability exists in all versions of Java 7, including the latest — Java 7 Update 10.
Zscaler
Zscaler Protects Against 0 Day Vulnerability in Java 7 incorporated into multiple exploit kits | Zscaler
blogs_zscaler·CVSS 9.8
[CRITICAL] Zscaler Protects Against 0 Day Vulnerability in Java 7 incorporated into multiple exploit kits | Zscaler
Bugzilla
CVE-2013-0422 CVE-2012-3174 java-1.7.0-openjdk various flaws [fedora-all]
bugzilla·2013-01-14·CVSS 10.0
CVE-2013-0422 [CRITICAL] CVE-2013-0422 CVE-2012-3174 java-1.7.0-openjdk various flaws [fedora-all]
CVE-2013-0422 CVE-2012-3174 java-1.7.0-openjdk various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora.
For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link noted in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the Bodhi notes field when available.
Please note: this issue affects
Bugzilla
CVE-2012-3174 OpenJDK: MethodHandles incorrect permission checks (Libraries, 8004933)
bugzilla·2013-01-14·CVSS 10.0
CVE-2012-3174 [CRITICAL] CVE-2012-3174 OpenJDK: MethodHandles incorrect permission checks (Libraries, 8004933)
CVE-2012-3174 OpenJDK: MethodHandles incorrect permission checks (Libraries, 8004933)
Oracle Java SE 7 Update 11 resolves CVE-2012-3174, an unknown flaw that allows for remote arbitrary code execution, related to CVE-2013-0422 (bug 894172).
External Reference:
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
Discussion:
Created java-1.7.0-openjdk tracking bugs for this issue
Affects: fedora-all [bug 895035]
---
Related commits in upstream OpenJDK7 repositories:
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/ecc14534318c
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/d9969a953f69
---
This issue has been addressed in following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2013
Bugzilla
Blocklist with severity CTP for all versions of Java due to zero-day remote code execution vulnerability being actively exploited
bugzilla·2013-01-10
[CRITICAL] Blocklist with severity CTP for all versions of Java due to zero-day remote code execution vulnerability being actively exploited
Blocklist with severity CTP for all versions of Java due to zero-day remote code execution vulnerability being actively exploited
See URL.
Discussion:
I am not sure if, because of bug 803152, we're already CTP'ing all versions of Java. If so, there may be nothing to do here.
---
See https://wiki.mozilla.org/Blocklisting/PluginBlocks for our current state of plugin blocks. We have CTP blocks for Java 6 U33 - Java 6 U36 and Java 7 U7 - Java 7 U8. We would need to extend the blocks to cover the latest versions, or all versions.
---
See bug 829147 for recommendation to enable click to play for all versions of Java instead of blocklist.
---
*** Bug 829147 has been marked as a duplicate of this bug. ***
---
Clarified summary to request "blocklist with severity CTP"
---
(In reply to
Bugzilla
CVE-2013-0422 OpenJDK: MethodHandles.Lookup incorrect permission checks, Java 7 0day (Libraries, 8006017)
bugzilla·2013-01-10·CVSS 9.8
CVE-2013-0422 [CRITICAL] CVE-2013-0422 OpenJDK: MethodHandles.Lookup incorrect permission checks, Java 7 0day (Libraries, 8006017)
CVE-2013-0422 OpenJDK: MethodHandles.Lookup incorrect permission checks, Java 7 0day (Libraries, 8006017)
CERT VU#625617 [1] describes a flaw in Java 7 Update 10 and earlier, which contains an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
This is currently being exploited in the wild and is reported to be incorporated into exploit kits. It is recommended that all users disable the java browser plugin in their browsers.
[1] http://www.kb.cert.org/vuls/id/625617
Other references:
http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/
Discussion:
Common Vulnerabilities and Exposures assigned an identifier to
the
arXiv
MalCVE: Malware Detection and CVE Association Using Large Language Models
arxiv_fulltext·2026-02-02
MalCVE: Malware Detection and CVE Association Using Large Language Models
MalCVE: Malware Detection and CVE Association
Using Large Language Models
Eduard Andrei Cristea, Petter Molnes, Jingyue Li (Norwegian University of Science and Technology, Trondheim, Norway)
## Abstract
Malicious software attacks are having an increasingly significant economic impact. Commercial malware detection software can be costly, and tools that attribute malware to the specific software vulnerabilities it exploits are largely lacking. Understanding the connection between malware and the vulnerabilities it targets is crucial for analyzing past threats and proactively defending
CTF
Secured Java / README
ctf_writeups·2022·CVSS 9.8
[CRITICAL] Secured Java / README
# Secured Java
The challenge is [a single python file](./secured_java.py) that allows you to run Java in a "secure way".
The code boils down to:
1. you upload two files: `Main.java` and `dep.jar`
2. it compiles Main
3. it runs Main with an empty _security policy_
Pseudocode:
```python
import subprocess

SOURCE_FILE = "Main.java"   # the two uploaded files
DEP_FILE = "dep.jar"

get_file("Main.java")       # challenge helper that stores the upload (body not shown)
get_file("dep.jar")

# compile the uploaded source against the uploaded jar
subprocess.run(
    ["javac", "-cp", DEP_FILE, SOURCE_FILE],
    check=True,
)
subprocess.run(["java", "--version"])

# run under a SecurityManager; "policy==" replaces the default policy with the given (empty) one
subprocess.run(
    [
        "java",
        "-cp", f".:{DEP_FILE}",
        "-Djava.security.manager",
        "-Djava.security.policy==/dev/null",
        "Main",
    ],
    check=True,
)
```
Obviously running arbitrary Java code is dangerous, but because we are running it with a _SecurityManager_ and not explicitly granting permissions (e.g. "`grant { permission java.net.SocketPermission "localhost:133
arXiv
Web Tracking: Mechanisms, Implications, and Defenses
arxiv_fulltext·2015-07-28
Web Tracking: Mechanisms, Implications, and Defenses
Web Tracking: Mechanisms, Implications, and Defenses
Tomasz Bujlow, Valentín Carela-Español, Josep Solé-Pareta, and Pere Barlet-Ros (Broadband Communications Research Group, Department of Computer Architecture, Universitat Politècnica de Catalunya, Barcelona, 08034, Spain)
## Abstract
This article surveys the existing literature on the methods currently used by web services to track the user online as well as their purposes, implications, and possible user's defenses. A significant majority of reviewed art
References
- http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html
- http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/
- http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html
- http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
- http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/
- http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html
- http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html
- http://rhn.redhat.com/errata/RHSA-2013-0156.html
- http://rhn.redhat.com/errata/RHSA-2013-0165.html
- http://seclists.org/bugtraq/2013/Jan/48
- http://www.kb.cert.org/vuls/id/625617
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
- http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
- http://www.ubuntu.com/usn/USN-1693-1
- http://www.us-cert.gov/cas/techalerts/TA13-010A.html
- https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf
- https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018
- https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0422
Timeline
- 2013-01-10: published
- 2022-05-25: added to CISA KEV
- Exploited in the wild