CVE-2013-1491
Published 2013-03-08
Priority: P3 · 59 · critical · CVSS 2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 16.42% (96.6th percentile)
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | javafx | <= 2.2.7 | — |
| oracle | javafx | — | — |
| oracle | javafx | — | — |
| oracle | javafx | — | — |
| oracle | javafx | — | — |
| oracle | javafx | — | — |
| oracle | javafx | — | — |
| oracle | javafx | — | — |
| oracle | javafx | — | — |
| oracle | jdk | <= 1.7.0 | — |
| oracle | jdk | <= 1.6.0 | — |
| oracle | jdk | <= 1.5.0 | — |
| oracle | jdk | — | — |
| oracle | jdk | — | — |
| oracle | jdk | — | — |
| oracle | jre | <= 1.7.0 | — |
| oracle | jre | <= 1.6.0 | — |
| oracle | jre | <= 1.5.0 | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
| sun | jdk | — | — |
| sun | jdk | — | — |
| sun | jre | — | — |
| sun | jre | — | — |
CVSS provenance
nvd · v2.0 · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat · 10.0 · CRITICAL
Red Hat
JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)
vendor_redhat·2013-04-16·CVSS 10.0
CVE-2013-2432 [CRITICAL] JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2394 and CVE-2013-1491.
Red Hat
JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)
vendor_redhat·2013-04-16·CVSS 10.0
CVE-2013-2394 [CRITICAL] JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2432 and CVE-2013-1491.
Red Hat
JDK: unspecified sandbox bypass (CanSecWest 2013, 2D)
vendor_redhat·2013-03-06·CVSS 10.0
CVE-2013-1491 [CRITICAL] JDK: unspecified sandbox bypass (CanSecWest 2013, 2D)
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.
Package: java-1.6.0-openjdk (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.7.0-openjdk (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.6.0-openjdk (Red Hat Enterprise Linux 6) - Not affected
Package: java-1.7.0-openjdk (Red Hat Enterprise Linux 6) - Not affected
GHSA
GHSA-w2h9-vx32-mw67
ghsa_unreviewed·2022-05-17
CVE-2013-1491 [HIGH] CWE-94
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.
GHSA
GHSA-7569-gw6r-r73h
ghsa_unreviewed·2022-05-14·CVSS 10.0
CVE-2013-2394 [CRITICAL]
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2432 and CVE-2013-1491.
GHSA
GHSA-pm4f-9p32-rfm4
ghsa_unreviewed·2022-05-14·CVSS 10.0
CVE-2013-2432 [CRITICAL]
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2394 and CVE-2013-1491.
No detection rules found.
No public exploits indexed.
References
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html
http://marc.info/?l=bugtraq&m=137283787217316&w=2
http://rhn.redhat.com/errata/RHSA-2013-0757.html
http://rhn.redhat.com/errata/RHSA-2013-0758.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
http://www.us-cert.gov/ncas/alerts/TA13-107A
http://www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16663
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19482
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19553
https://twitter.com/thezdi/status/309438311112507392
Published: 2013-03-08