CVE-2013-2465

Confirmed PUBLISHED

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and...

Oracle · Java SE
Exploited in the wild Used in malware PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
9.8 Critical EPSS 98.7%

At a Glance

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.

metasploit java ransomware malware cisa
CVE Published
Jun 18, 2013
Exploitation Reported
Mar 28, 2022
CVSS
9.8 Critical
EPSS
98.7%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • RHSA-2013:1060 rhn.redhat.com · Vendor Advisory http://rhn.redhat.com/errata/RHSA-2013-1060.html
  • HPSBUX02908 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=137545592101387&w=2
  • RHSA-2014:0414 access.redhat.com · Vendor Advisory https://access.redhat.com/errata/RHSA-2014:0414
  • GLSA-201406-32 security.gentoo.org · Vendor Advisory http://security.gentoo.org/glsa/glsa-201406-32.xml
  • SUSE-SU-2013:1264 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031...
Show 26 more references
  • SUSE-SU-2013:1257 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028...
  • HPSBUX02907 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=137545505800971&w=2
  • SUSE-SU-2013:1256 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027...
  • RHSA-2013:1455 rhn.redhat.com · Vendor Advisory http://rhn.redhat.com/errata/RHSA-2013-1455.html
  • SSRT101305 h20000.www2.hp.com · Vendor Advisory http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectI...
  • SUSE-SU-2013:1263 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029...
  • RHSA-2013:1059 rhn.redhat.com · Vendor Advisory http://rhn.redhat.com/errata/RHSA-2013-1059.html
  • SUSE-SU-2013:1293 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000...
  • RHSA-2013:1081 rhn.redhat.com · Vendor Advisory http://rhn.redhat.com/errata/RHSA-2013-1081.html
  • RHSA-2013:0963 rhn.redhat.com · Vendor Advisory http://rhn.redhat.com/errata/RHSA-2013-0963.html
  • SUSE-SU-2013:1255 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026...
  • RHSA-2013:1456 rhn.redhat.com · Vendor Advisory http://rhn.redhat.com/errata/RHSA-2013-1456.html
  • MDVSA-2013:183 mandriva.com · Vendor Advisory http://www.mandriva.com/security/advisories?name=MDVSA-2013:183
  • SUSE-SU-2013:1305 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003...
  • 54154 secunia.com · Third-Party Advisory http://secunia.com/advisories/54154
  • TA13-169A us-cert.gov · Third-Party Advisory http://www.us-cert.gov/ncas/alerts/TA13-169A
  • 60657 securityfocus.com · VDB Entry http://www.securityfocus.com/bid/60657
  • oval:org.mitre.oval:def:19455 oval.cisecurity.org · VDB Entry https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.m...
  • oval:org.mitre.oval:def:19703 oval.cisecurity.org · VDB Entry https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.m...
  • oval:org.mitre.oval:def:19074 oval.cisecurity.org · VDB Entry https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.m...
  • oval:org.mitre.oval:def:17106 oval.cisecurity.org · VDB Entry https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.m...
  • oracle.com/technetwork/topics/security/javacpujun2013-1... oracle.com · CVE Record http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899...
  • hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040 hg.openjdk.java.net · CVE Record http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040
  • advisories.mageia.org/MGASA-2013-0185.html advisories.mageia.org · CVE Record http://advisories.mageia.org/MGASA-2013-0185.html
  • bugzilla.redhat.com/show_bug.cgi bugzilla.redhat.com · CVE Record https://bugzilla.redhat.com/show_bug.cgi?id=975118
  • www-01.ibm.com/support/docview.wss www-01.ibm.com · CVE Record http://www-01.ibm.com/support/docview.wss?uid=swg21642336

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.