Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:F1E892EBF35455788EDC65472ED0C939
HistoryJul 11, 2013 - 12:00 a.m.

Oracle Java Serviceability Subcomponent ProviderSkeleton Class Vulnerability

2013-07-1100:00:00
SAINT Corporation
www.saintcorporation.com
24

0.968 High

EPSS

Percentile

99.6%

JSON

Added: 07/11/2013
CVE: CVE-2013-2460
BID: 60635
OSVDB: 94346

Background

Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets.

Problem

A vulnerability in the Serviceability subcomponent of Java Runtime Environment could allow a remote attacker to execute arbitrary code if a user is tricked into opening a web page with a specially crafted applet. Oracle JRE 7 Update 21 and earlier are vulnerable.

Resolution

Apply patches as directed in Oracle Java SE Critical Patch Update Advisory - June 2013.

References

<http://www.oracle.com/technetwork/topics/security/javacpujun2013verbose-1899853.html&gt;

Limitations

This exploit has been tested against Oracle JRE 7 Update 21 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The user must open the exploit using Internet Explorer on Windows.

Platforms

Windows

Related

packetstorm 1
thn 1
checkpoint_advisories 2
seebug 1
saint 3
prion 1
symantec 1
veracode 1
cvelist 1
cve 1
ubuntucve 1
metasploit 1
exploitdb 1
openvas 24
nessus 29
oraclelinux 2
mageia 1
redhat 4
centos 2
amazon 1
ubuntu 2
suse 3
debian 1
securityvulns 1
ibm 14
gentoo 2
packetstorm
packetstorm
Java Applet ProviderSkeleton Insecure Invoke Method
2013-06-27 00:00:00
thn
thn
Caphaw Banking Malware Distributed via YouTube Ads
2014-02-24 23:20:00
checkpoint_advisories
checkpoint_advisories
Oracle Java sun.tracing.ProviderSkeleton Sandbox Bypass Code Execution - Ver2 (CVE-2013-2460)
2014-03-31 00:00:00
Java Applet ProviderSkeleton Class Insecure Invoke Method (CVE-2013-2460)
2013-07-10 00:00:00
seebug
seebug
Java Applet ProviderSkeleton Insecure Invoke Method
2014-07-01 00:00:00
saint
saint
Oracle Java Serviceability Subcomponent ProviderSkeleton Class Vulnerability
2013-07-11 00:00:00
Oracle Java Serviceability Subcomponent ProviderSkeleton Class Vulnerability
2013-07-11 00:00:00
Oracle Java Serviceability Subcomponent ProviderSkeleton Class Vulnerability
2013-07-11 00:00:00
prion
prion
Improper access control
2013-06-18 22:55:00
symantec
symantec
Oracle Java SE CVE-2013-2460 Remote Java Runtime Environment Vulnerability
2013-06-18 00:00:00
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 04:45:32
cvelist
cvelist
CVE-2013-2460
2013-06-18 22:00:00
cve
cve
CVE-2013-2460
2013-06-18 22:55:02
ubuntucve
ubuntucve
CVE-2013-2460
2013-06-18 00:00:00
metasploit
metasploit
Java Applet ProviderSkeleton Insecure Invoke Method
2013-06-24 06:04:38
exploitdb
exploitdb
Java Applet - ProviderSkeleton Insecure Invoke Method (Metasploit)
2013-07-01 00:00:00
openvas
openvas
Oracle Java SE Multiple Vulnerabilities -01 June 13 (Windows)
2013-06-24 00:00:00
Oracle Java SE Multiple Vulnerabilities -01 (Jun 2013) - Windows
2013-06-24 00:00:00
CentOS Update for java CESA-2013:0957 centos6
2013-06-24 00:00:00
nessus
nessus
CentOS 5 : java-1.7.0-openjdk (CESA-2013:0958)
2013-06-21 00:00:00
Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20130620)
2013-06-21 00:00:00
Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2013-0958)
2013-07-12 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2013-06-19 00:00:00
java-1.7.0-openjdk security update
2013-06-19 00:00:00
mageia
mageia
Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities
2013-06-26 22:13:26
redhat
redhat
(RHSA-2013:0958) Important: java-1.7.0-openjdk security update
2013-06-19 00:00:00
(RHSA-2013:0957) Critical: java-1.7.0-openjdk security update
2013-06-19 00:00:00
(RHSA-2013:0963) Critical: java-1.7.0-oracle security update
2013-06-20 00:00:00
centos
centos
java security update
2013-06-20 06:46:44
java security update
2013-06-20 06:43:01
amazon
amazon
Important: java-1.7.0-openjdk
2013-06-20 14:14:00
ubuntu
ubuntu
IcedTea Web update
2013-07-16 00:00:00
OpenJDK 7 vulnerabilities
2013-07-16 00:00:00
suse
suse
Security update for java-1_7_0-openjdk (important)
2013-07-25 16:04:14
Security update for java-1_7_0-ibm (important)
2013-07-25 20:04:17
Security update for java-1_7_0-ibm (important)
2013-07-25 20:04:26
debian
debian
[SECURITY] [DSA 2722-1] openjdk-7 security update
2013-07-15 15:53:07
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2013-08-28 00:00:00
ibm
ibm
Security Bulletin: Flex System Manager (FSM) – June 2013 Java Vulnerabilities
2022-05-16 16:03:13
Security Bulletin: Potential security vulnerabilities with JavaTM SDKs
2022-09-25 21:06:56
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Real Time
2022-09-25 21:06:56
gentoo
gentoo
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00

0.968 High

EPSS

Percentile

99.6%

JSON
Related for SAINT:F1E892EBF35455788EDC65472ED0C939
packetstorm1thn1checkpoint_advisories2seebug1saint3prion1symantec1veracode1cvelist1cve1ubuntucve1metasploit1exploitdb1openvas24nessus29oraclelinux2mageia1redhat4centos2amazon1ubuntu2suse3debian1securityvulns1ibm14gentoo2