CVE-2013-4578
published 2017-12-29CVE-2013-4578: jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a…
medium5.3CVSS 3.0
AVNACLPRNUINSUCNILAN
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | jdk | <= 1.7.0 | — |
| oracle | jdk | — | — |
| oracle | jre | <= 1.7.0 | — |
| oracle | jre | — | — |