CVE-2013-2465
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- March 05, 2013
- Published Date
- June 18, 2013
- Last Updated
- February 10, 2025
- Vendor
- n/a
- Product
- n/a
- Description
- Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
CVSS Scores
CVSS v3.1
9.8 - CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- total
References
http://rhn.redhat.com/errata/RHSA-2013-1060.html
http://marc.info/?l=bugtraq&m=137545592101387&w=2
https://access.redhat.com/errata/RHSA-2014:0414
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.securityfocus.com/bid/60657
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
http://marc.info/?l=bugtraq&m=137545505800971&w=2
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
http://secunia.com/advisories/54154
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
http://rhn.redhat.com/errata/RHSA-2013-1059.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106
http://rhn.redhat.com/errata/RHSA-2013-1081.html
http://www.us-cert.gov/ncas/alerts/TA13-169A
http://advisories.mageia.org/MGASA-2013-0185.html
http://rhn.redhat.com/errata/RHSA-2013-0963.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
https://bugzilla.redhat.com/show_bug.cgi?id=975118
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:183
http://www-01.ibm.com/support/docview.wss?uid=swg21642336
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-03-28 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/java_storeimagearray.rb | 2025-04-29 11:01:20 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
java_storeimagearray
Type: metasploit • Created: Unknown
Metasploit module for CVE-2013-2465