Lucene search

[email protected]NVD:CVE-2013-4578

HistoryDec 29, 2017 - 10:29 p.m.

CVE-2013-4578

2017-12-2922:29:00

CWE-74

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

4.8

Confidence

High

EPSS

0.003

Percentile

70.0%

JSON

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.

Affected configurations

Nvd

Node

oraclejdkMatch1.7.0update1

oraclejdkMatch1.7.0update10

oraclejdkMatch1.7.0update10_b31

oraclejdkMatch1.7.0update11

oraclejdkMatch1.7.0update11_b32

oraclejdkMatch1.7.0update13

oraclejdkMatch1.7.0update15

oraclejdkMatch1.7.0update17

oraclejdkMatch1.7.0update17_b31

oraclejdkMatch1.7.0update17_b32

oraclejdkMatch1.7.0update2

oraclejdkMatch1.7.0update21

oraclejdkMatch1.7.0update21_b31

oraclejdkMatch1.7.0update25

oraclejdkMatch1.7.0update25_b33

oraclejdkMatch1.7.0update25_b34

oraclejdkMatch1.7.0update25_b35

oraclejdkMatch1.7.0update3

oraclejdkMatch1.7.0update4

oraclejdkMatch1.7.0update40

oraclejdkMatch1.7.0update45

oraclejdkMatch1.7.0update45_b31

oraclejdkMatch1.7.0update45_b32

oraclejdkMatch1.7.0update45_b33

oraclejdkMatch1.7.0update45_b34

oraclejdkMatch1.7.0update5

oraclejdkMatch1.7.0update51

oraclejdkMatch1.7.0update6

oraclejdkMatch1.7.0update7

oraclejdkMatch1.7.0update7_b32

oraclejdkMatch1.7.0update9

oraclejdkMatch1.7.0update9_b31

oraclejdkMatch1.7.0update9_b32

oraclejreMatch1.7.0update1

oraclejreMatch1.7.0update10

oraclejreMatch1.7.0update10_b31

oraclejreMatch1.7.0update11

oraclejreMatch1.7.0update11_b32

oraclejreMatch1.7.0update13

oraclejreMatch1.7.0update15

oraclejreMatch1.7.0update17

oraclejreMatch1.7.0update17_b31

oraclejreMatch1.7.0update17_b32

oraclejreMatch1.7.0update2

oraclejreMatch1.7.0update21

oraclejreMatch1.7.0update21_b31

oraclejreMatch1.7.0update25

oraclejreMatch1.7.0update25_b33

oraclejreMatch1.7.0update25_b34

oraclejreMatch1.7.0update25_b35

oraclejreMatch1.7.0update3

oraclejreMatch1.7.0update4

oraclejreMatch1.7.0update40

oraclejreMatch1.7.0update45

oraclejreMatch1.7.0update45_b31

oraclejreMatch1.7.0update45_b32

oraclejreMatch1.7.0update45_b33

oraclejreMatch1.7.0update45_b34

oraclejreMatch1.7.0update5

oraclejreMatch1.7.0update51

oraclejreMatch1.7.0update6

oraclejreMatch1.7.0update7

oraclejreMatch1.7.0update7_b32

oraclejreMatch1.7.0update9

oraclejreMatch1.7.0update9_b31

oraclejreMatch1.7.0update9_b32

Node

oraclejdkRange≤1.7.0

oraclejreRange≤1.7.0

References

hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d5f36e1c927e

www.openwall.com/lists/oss-security/2015/02/08/6

www.openwall.com/lists/oss-security/2015/02/09/9

access.redhat.com/errata/RHSA-2014:0414

bugzilla.redhat.com/show_bug.cgi?id=1031471

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

4.8

Confidence

High

EPSS

0.003

Percentile

70.0%

JSON

Related for NVD:CVE-2013-4578

veracode1 ubuntucve1 openvas2 cve1 cvelist1 prion1 redhat7 nessus11 centos2