Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-58504
HistoryMar 07, 2013 - 12:00 a.m.

Oracle Java SE CVE-2013-1488 Remote Code Execution Vulnerability

2013-03-0700:00:00
Symantec Security Response
www.symantec.com
26

0.97 High

EPSS

Percentile

99.7%

JSON

Description

Oracle Java SE is prone to a remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the current process.

Technologies Affected

  • Avaya Aura Communication Manager Utility Services 6.0
  • Avaya Aura Communication Manager Utility Services 6.1
  • Avaya Aura Communication Manager Utility Services 6.1 SP 6.1.0.9.8
  • Avaya Aura Communication Manager Utility Services 6.1.0.9.8
  • Avaya Aura Communication Manager Utility Services 6.2
  • Avaya Aura Communication Manager Utility Services 6.2.4.0.15
  • Avaya Aura Communication Manager Utility Services 6.2.5.0.15
  • Avaya Aura Communication Manager Utility Services 6.3
  • Avaya Aura Conferencing 6.0 SP1 Standard
  • Avaya Aura Conferencing 6.0 Standard
  • Avaya Aura Experience Portal 6.0
  • Avaya Aura Experience Portal 6.0 SP1
  • Avaya Aura Experience Portal 6.0 SP2
  • Avaya Aura Experience Portal 6.0.1
  • Avaya Aura Experience Portal 6.0.2
  • Avaya Aura System Platform 1.0
  • Avaya Aura System Platform 1.1
  • Avaya Aura System Platform 6.0
  • Avaya Aura System Platform 6.0 SP2
  • Avaya Aura System Platform 6.0 SP3
  • Avaya Aura System Platform 6.0.1
  • Avaya Aura System Platform 6.0.2
  • Avaya Aura System Platform 6.0.3.0.3
  • Avaya Aura System Platform 6.0.3.8.3
  • Avaya Aura System Platform 6.0.3.9.3
  • Avaya Aura System Platform 6.2
  • Avaya Aura System Platform 6.2 SP1
  • Avaya Aura System Platform 6.2.1
  • Avaya Aura System Platform 6.2.1.0.9
  • Avaya Aura System Platform 6.2.2
  • Avaya Aura System Platform 6.3
  • Avaya Meeting Exchange 6.0
  • Avaya Meeting Exchange 6.2
  • Avaya one-X Client Enablement Service 6.0 SP1
  • Avaya one-X Client Enablement Service 6.0 SP2
  • Avaya one-X Client Enablement Service 6.0 SP3
  • Avaya one-X Client Enablement Service 6.1
  • Avaya one-X Client Enablement Service 6.1 SP1
  • Avaya one-X Client Enablement Service 6.1 SP2
  • Avaya one-X Client Enablement Services 6.0
  • Avaya one-X Client Enablement Services 6.1
  • Avaya one-X Client Enablement Services 6.1.1
  • Avaya one-X Client Enablement Services 6.1.2
  • Avaya one-X Client Enablement Services 6.2
  • CentOS CentOS 5
  • CentOS CentOS 6
  • Fedoraproject Fedora 17
  • Fedoraproject Fedora 18
  • Fedoraproject Fedora 19
  • Gentoo Linux
  • IBM Intelligent Operations Center 1.5
  • IBM Intelligent Operations Center 1.5.0.1
  • IBM Intelligent Operations Center 1.5.0.2
  • IBM Java SDK 6
  • IBM Java SDK 7
  • IBM Java SE 6
  • IBM Java SE 7
  • IBM Lotus Domino 8.0
  • IBM Lotus Domino 8.0.1
  • IBM Lotus Domino 8.0.2
  • IBM Lotus Domino 8.0.2.1
  • IBM Lotus Domino 8.0.2.2
  • IBM Lotus Domino 8.0.2.3
  • IBM Lotus Domino 8.0.2.4
  • IBM Lotus Domino 8.5.0
  • IBM Lotus Domino 8.5.0.1
  • IBM Lotus Domino 8.5.1
  • IBM Lotus Domino 8.5.1.1
  • IBM Lotus Domino 8.5.2
  • IBM Lotus Domino 8.5.3
  • IBM Lotus Domino 8.5.4
  • IBM Lotus Domino 9.0
  • IBM Lotus Notes 8.0
  • IBM Lotus Notes 8.0.1
  • IBM Lotus Notes 8.0.2
  • IBM Lotus Notes 8.0.2.1
  • IBM Lotus Notes 8.0.2.2
  • IBM Lotus Notes 8.0.2.3
  • IBM Lotus Notes 8.0.2.4
  • IBM Lotus Notes 8.0.2.5
  • IBM Lotus Notes 8.0.2.6
  • IBM Lotus Notes 8.5
  • IBM Lotus Notes 8.5.0.1
  • IBM Lotus Notes 8.5.1
  • IBM Lotus Notes 8.5.1.2
  • IBM Lotus Notes 8.5.1.3
  • IBM Lotus Notes 8.5.1.4
  • IBM Lotus Notes 8.5.1.5
  • IBM Lotus Notes 8.5.2
  • IBM Lotus Notes 8.5.2.1
  • IBM Lotus Notes 8.5.2.2
  • IBM Lotus Notes 8.5.2.3
  • IBM Lotus Notes 8.5.3
  • IBM Lotus Notes 9.0
  • IBM Maximo Asset Management 6.2
  • IBM Maximo Asset Management 6.2.1
  • IBM Maximo Asset Management 6.2.2
  • IBM Maximo Asset Management 6.2.3
  • IBM Maximo Asset Management 6.2.4
  • IBM Maximo Asset Management 6.2.5
  • IBM Maximo Asset Management 6.2.6
  • IBM Maximo Asset Management 6.2.7
  • IBM Maximo Asset Management 6.2.8
  • IBM Maximo Asset Management 7.1
  • IBM Maximo Asset Management 7.1.1
  • IBM Maximo Asset Management 7.1.2
  • IBM Maximo Asset Management 7.2
  • IBM Maximo Asset Management 7.2.1
  • IBM Maximo Asset Management 7.5
  • IBM Maximo Asset Management Essentials 6.2
  • IBM Maximo Asset Management Essentials 7.1
  • IBM Maximo Asset Management Essentials 7.5
  • IBM Operational Decision Manager 8.0
  • IBM Operational Decision Manager 8.5
  • IBM Rational Host On-Demand 11.0.0
  • IBM Rational Host On-Demand 11.0.7
  • IBM Smart Analytics System 5600 9.7
  • IBM Tivoli Composite Application Manager for Transactions 7.1.0
  • IBM Tivoli Composite Application Manager for Transactions 7.1.0.1
  • IBM Tivoli Composite Application Manager for Transactions 7.1.0.2
  • IBM Tivoli Composite Application Manager for Transactions 7.2.0
  • IBM Tivoli Composite Application Manager for Transactions 7.2.0.1
  • IBM Tivoli Composite Application Manager for Transactions 7.2.0.2
  • IBM Tivoli Composite Application Manager for Transactions 7.3.0
  • IBM Tivoli Endpoint Manager for Remote Control 8.2.1
  • IBM Tivoli Endpoint Manager for Remote Control 9.0.0
  • IBM Tivoli Monitoring 6.2.0
  • IBM Tivoli Monitoring 6.2.1
  • IBM Tivoli Monitoring 6.2.2
  • IBM Tivoli Monitoring 6.2.3
  • IBM Tivoli Monitoring 6.3.0
  • IBM Tivoli Remote Control 5.1.2
  • IBM Tivoli System Automation (TSA) for Multiplatforms 3.1
  • IBM Tivoli System Automation (TSA) for Multiplatforms 3.2
  • IBM Tivoli System Automation (TSA) for Multiplatforms 3.2.1
  • IBM Tivoli System Automation (TSA) for Multiplatforms 3.2.2
  • IBM Tivoli System Automation Application Manager 3.1
  • IBM Tivoli System Automation Application Manager 3.2
  • IBM Tivoli System Automation Application Manager 3.2.1
  • IBM Tivoli System Automation Application Manager 3.2.2
  • IBM Tivoli System Automation for Integrated Operations Management 2.1
  • IBM Virtualization Engine TS7700
  • IBM WebSphere ILOG JRules 7.1
  • IBM WebSphere Operational Decision Management 7.5.0.0
  • Mandriva Business Server 1
  • Mandriva Business Server 1 X86 64
  • Mandriva Enterprise Server 5
  • Mandriva Enterprise Server 5 X86 64
  • Oracle Enterprise Linux 5
  • Oracle Enterprise Linux 6
  • Oracle Enterprise Linux 6.2
  • Oracle JDK (Linux Production Release) 1.7.0
  • Oracle JDK (Linux Production Release) 1.7.0_12
  • Oracle JDK (Linux Production Release) 1.7.0_13
  • Oracle JDK (Linux Production Release) 1.7.0_17
  • Oracle JDK (Linux Production Release) 1.7.0_2
  • Oracle JDK (Linux Production Release) 1.7.0_4
  • Oracle JDK (Linux Production Release) 1.7.0_7
  • Oracle JDK (Solaris Production Release) 1.7.0
  • Oracle JDK (Solaris Production Release) 1.7.0_10
  • Oracle JDK (Solaris Production Release) 1.7.0_11
  • Oracle JDK (Solaris Production Release) 1.7.0_13
  • Oracle JDK (Solaris Production Release) 1.7.0_2
  • Oracle JDK (Solaris Production Release) 1.7.0_4
  • Oracle JDK (Solaris Production Release) 1.7.0_7
  • Oracle JDK (Windows Production Release) 1.7.0
  • Oracle JDK (Windows Production Release) 1.7.0_17
  • Oracle JDK (Windows Production Release) 1.7.0_2
  • Oracle JDK (Windows Production Release) 1.7.0_4
  • Oracle JDK (Windows Production Release) 1.7.0_7
  • Oracle JDK(Linux Production Release) 1.7.0_10
  • Oracle JDK(Linux Production Release) 1.7.0_11
  • Oracle JDK(Linux Production Release) 1.7.0_13
  • Oracle JDK(Linux Production Release) 1.7.0_14
  • Oracle JDK(Linux Production Release) 1.7.0_15
  • Oracle JDK(Linux Production Release) 1.7.0_17
  • Oracle JDK(Linux Production Release) 1.7.0_8
  • Oracle JDK(Linux Production Release) 1.7.0_9
  • Oracle JDK(Solaris Production Release) 1.7.0_12
  • Oracle JDK(Solaris Production Release) 1.7.0_13
  • Oracle JDK(Solaris Production Release) 1.7.0_14
  • Oracle JDK(Solaris Production Release) 1.7.0_15
  • Oracle JDK(Solaris Production Release) 1.7.0_17
  • Oracle JDK(Solaris Production Release) 1.7.0_8
  • Oracle JDK(Solaris Production Release) 1.7.0_9
  • Oracle JDK(Windows Production Release) 1.7.0_10
  • Oracle JDK(Windows Production Release) 1.7.0_11
  • Oracle JDK(Windows Production Release) 1.7.0_12
  • Oracle JDK(Windows Production Release) 1.7.0_13
  • Oracle JDK(Windows Production Release) 1.7.0_14
  • Oracle JDK(Windows Production Release) 1.7.0_15
  • Oracle JDK(Windows Production Release) 1.7.0_17
  • Oracle JDK(Windows Production Release) 1.7.0_8
  • Oracle JDK(Windows Production Release) 1.7.0_9
  • Oracle JRE (Linux Production Release) 1.7.0_12
  • Oracle JRE (Linux Production Release) 1.7.0_13
  • Oracle JRE (Linux Production Release) 1.7.0_17
  • Oracle JRE (Linux Production Release) 1.7.0_2
  • Oracle JRE (Linux Production Release) 1.7.0_4
  • Oracle JRE (Linux Production Release) 1.7.0_7
  • Oracle JRE (Solaris Production Release) 1.7.0_17
  • Oracle JRE (Solaris Production Release) 1.7.0_2
  • Oracle JRE (Solaris Production Release) 1.7.0_4
  • Oracle JRE (Solaris Production Release) 1.7.0_7
  • Oracle JRE (Windows Production Release) 1.7.0_17
  • Oracle JRE (Windows Production Release) 1.7.0_2
  • Oracle JRE (Windows Production Release) 1.7.0_4
  • Oracle JRE (Windows Production Release) 1.7.0_7
  • Oracle JRE(Linux Production Release) 1.7.0_10
  • Oracle JRE(Linux Production Release) 1.7.0_11
  • Oracle JRE(Linux Production Release) 1.7.0_13
  • Oracle JRE(Linux Production Release) 1.7.0_14
  • Oracle JRE(Linux Production Release) 1.7.0_15
  • Oracle JRE(Linux Production Release) 1.7.0_17
  • Oracle JRE(Linux Production Release) 1.7.0_8
  • Oracle JRE(Linux Production Release) 1.7.0_9
  • Oracle JRE(Solaris Production Release) 1.7.0_10
  • Oracle JRE(Solaris Production Release) 1.7.0_11
  • Oracle JRE(Solaris Production Release) 1.7.0_12
  • Oracle JRE(Solaris Production Release) 1.7.0_13
  • Oracle JRE(Solaris Production Release) 1.7.0_14
  • Oracle JRE(Solaris Production Release) 1.7.0_15
  • Oracle JRE(Solaris Production Release) 1.7.0_17
  • Oracle JRE(Solaris Production Release) 1.7.0_8
  • Oracle JRE(Solaris Production Release) 1.7.0_9
  • Oracle JRE(Windows Production Release) 1.7.0_10
  • Oracle JRE(Windows Production Release) 1.7.0_11
  • Oracle JRE(Windows Production Release) 1.7.0_12
  • Oracle JRE(Windows Production Release) 1.7.0_13
  • Oracle JRE(Windows Production Release) 1.7.0_14
  • Oracle JRE(Windows Production Release) 1.7.0_15
  • Oracle JRE(Windows Production Release) 1.7.0_17
  • Oracle JRE(Windows Production Release) 1.7.0_8
  • Oracle JRE(Windows Production Release) 1.7.0_9
  • Redhat Enterprise Linux 5 Server
  • Redhat Enterprise Linux Desktop 5 Client
  • Redhat Enterprise Linux Desktop 6
  • Redhat Enterprise Linux Desktop Optional 6
  • Redhat Enterprise Linux Desktop Supplementary 5 Client
  • Redhat Enterprise Linux Desktop Supplementary 6
  • Redhat Enterprise Linux HPC Node 6
  • Redhat Enterprise Linux HPC Node Optional 6
  • Redhat Enterprise Linux HPC Node Supplementary 6
  • Redhat Enterprise Linux Server 6
  • Redhat Enterprise Linux Server Optional 6
  • Redhat Enterprise Linux Server Supplementary 6
  • Redhat Enterprise Linux Supplementary 5 Server
  • Redhat Enterprise Linux Workstation 6
  • Redhat Enterprise Linux Workstation Optional 6
  • Redhat Enterprise Linux Workstation Supplementary 6
  • SuSE Suse Linux Enterprise Desktop 11 SP2
  • SuSE openSUSE 12.2
  • Ubuntu Ubuntu Linux 10.04 LTS
  • Ubuntu Ubuntu Linux 11.10
  • Ubuntu Ubuntu Linux 12.04 LTS
  • Ubuntu Ubuntu Linux 12.10 amd64
  • Ubuntu Ubuntu Linux 12.10 i386

Recommendations

Block external access at the network boundary, unless external parties require service.
Filter access to the affected computer at the network boundary if global access isn’t needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity including unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.

Do not follow links provided by unknown or untrusted sources.
Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.

Set web browser security to disable the execution of script code or active content.
Disabling the execution of script code in the browser may limit exposure to this and other latent vulnerabilities.

Run all software as a nonprivileged user with minimal access rights.
To limit the impact of latent vulnerabilities, configure applications to run as a nonadministrative user with minimal access rights.

Updates are available. Please see the references or vendor advisory for more information.

Related

saint 4
veracode 1
threatpost 2
ubuntucve 2
packetstorm 1
prion 2
metasploit 1
cve 2
zdt 1
checkpoint_advisories 1
zdi 1
seebug 1
exploitdb 1
nessus 37
suse 1
openvas 29
ubuntu 2
centos 3
redhat 5
oraclelinux 3
amazon 2
fedora 3
ibm 13
securityvulns 1
gentoo 2
saint
saint
Java Runtime Environment DriverManager doPrivileged block sandbox bypass
2013-05-24 00:00:00
Java Runtime Environment DriverManager doPrivileged block sandbox bypass
2013-05-24 00:00:00
Java Runtime Environment DriverManager doPrivileged block sandbox bypass
2013-05-24 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:44:36
threatpost
threatpost
Details Available for Chrome, Java Pwn2Own Flaws
2013-04-22 15:33:07
Microsoft Mitigation Bypass Bounty Winner James Forshaw
2013-10-10 13:12:31
ubuntucve
ubuntucve
CVE-2013-1488
2013-03-08 00:00:00
CVE-2013-2436
2013-04-17 00:00:00
packetstorm
packetstorm
Java Applet Driver Manager Privileged toString() Remote Code Execution
2013-06-10 00:00:00
prion
prion
Design/Logic Flaw
2013-03-08 18:55:00
Type confusion
2013-04-17 18:55:00
metasploit
metasploit
Java Applet Driver Manager Privileged toString() Remote Code Execution
2013-06-07 18:39:19
cve
cve
CVE-2013-1488
2013-03-08 18:55:00
CVE-2013-2436
2013-04-17 18:55:00
zdt
zdt
Java Applet Driver Manager Privileged toString() Remote Code Execution
2013-06-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java java.sql.DriverManager Sandbox Bypass (CVE-2013-1488)
2013-06-23 00:00:00
zdi
zdi
(Pwn2Own) Oracle Java DriverManager Privilege Block Remote Code Execution Vulnerability
2013-05-10 00:00:00
seebug
seebug
Java Applet Driver Manager Privileged toString() Remote Code Execution
2014-07-01 00:00:00
exploitdb
exploitdb
Java Applet - Driver Manager Privileged 'toString()' Remote Code Execution (Metasploit)
2013-06-11 00:00:00
nessus
nessus
Mac OS X : Java for Mac OS X 10.6 Update 13
2013-02-20 00:00:00
openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0777-1)
2014-06-13 00:00:00
SuSE 11.2 Security Update : java-1_6_0-openjdk (SAT Patch Number 7718)
2013-05-22 00:00:00
suse
suse
Security update for java-1_6_0-openjdk (important)
2013-05-21 20:04:20
openvas
openvas
CentOS Update for java CESA-2013:0770 centos6
2013-04-25 00:00:00
Ubuntu Update for openjdk-6 USN-1819-1
2013-05-09 00:00:00
RedHat Update for java-1.6.0-openjdk RHSA-2013:0770-01
2013-04-25 00:00:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2013-05-07 00:00:00
OpenJDK 7 vulnerabilities
2013-04-23 00:00:00
centos
centos
java security update
2013-04-24 20:56:24
java security update
2013-04-17 22:33:59
java security update
2013-04-17 21:01:08
redhat
redhat
(RHSA-2013:0770) Important: java-1.6.0-openjdk security update
2013-04-24 00:00:00
(RHSA-2013:0752) Important: java-1.7.0-openjdk security update
2013-04-17 00:00:00
(RHSA-2013:0751) Critical: java-1.7.0-openjdk security update
2013-04-17 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-04-24 00:00:00
java-1.7.0-openjdk security update
2013-04-17 00:00:00
java-1.7.0-openjdk security update
2013-04-17 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2013-04-25 20:40:00
Critical: java-1.7.0-openjdk
2013-04-18 13:59:00
fedora
fedora
[SECURITY] Fedora 18 Update: java-1.7.0-openjdk-1.7.0.19-2.3.9.1.fc18
2013-04-18 02:47:29
[SECURITY] Fedora 19 Update: java-1.7.0-openjdk-1.7.0.19-2.3.9.6.fc19
2013-04-25 14:19:39
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.19-2.3.9.1.fc17
2013-04-19 05:01:04
ibm
ibm
Security Bulletin: IBM WebSphere Business Services Fabric – Information regarding a security vulnerability in IBM SDK for Java that shipped with IBM WebSphere Application Server and addressed by Oracle CPU April 2013 (CVE-2013-0169)
2022-09-25 21:06:56
Security Bulletin: IBM Intelligent Operations Center 1.5 WebSphere Application Server - Oracle Java CPU April 2013
2022-09-25 21:06:56
Security Bulletin: WebSphere Application Server - IBM SDK for Java April 2013 CPU
2022-09-26 05:45:55
securityvulns
securityvulns
Oracle Java / OpenJDK multiple security vulnerabilities
2013-04-22 00:00:00
gentoo
gentoo
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00

0.97 High

EPSS

Percentile

99.7%

JSON
Related for SMNTC-58504
saint4veracode1threatpost2ubuntucve2packetstorm1prion2metasploit1cve2zdt1checkpoint_advisories1zdi1seebug1exploitdb1nessus37suse1openvas29ubuntu2centos3redhat5oraclelinux3amazon2fedora3ibm13securityvulns1gentoo2