It was discovered that OpenJDK 7’s security mechanism could be bypassed via
Java applets. If a user were tricked into opening a malicious website, a
remote attacker could exploit this to perform arbitrary code execution as
the user invoking the program.

OSVersionArchitecturePackageVersionFilename
Ubuntu12.10noarchopenjdk-7-jre-zero< 7u9-2.3.4-0ubuntu1.12.10.1UNKNOWN
Ubuntu12.10noarchicedtea-7-jre-cacao< 7u9-2.3.4-0ubuntu1.12.10.1UNKNOWN
Ubuntu12.10noarchicedtea-7-jre-jamvm< 7u9-2.3.4-0ubuntu1.12.10.1UNKNOWN
Ubuntu12.10noarchopenjdk-7-dbg< 7u9-2.3.4-0ubuntu1.12.10.1UNKNOWN
Ubuntu12.10noarchopenjdk-7-demo< 7u9-2.3.4-0ubuntu1.12.10.1UNKNOWN
Ubuntu12.10noarchopenjdk-7-jdk< 7u9-2.3.4-0ubuntu1.12.10.1UNKNOWN
Ubuntu12.10noarchopenjdk-7-jre< 7u9-2.3.4-0ubuntu1.12.10.1UNKNOWN
Ubuntu12.10noarchopenjdk-7-jre-headless< 7u9-2.3.4-0ubuntu1.12.10.1UNKNOWN
Ubuntu12.10noarchopenjdk-7-jre-lib< 7u9-2.3.4-0ubuntu1.12.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	12.10	noarch	openjdk-7-jre-zero	< 7u9-2.3.4-0ubuntu1.12.10.1	UNKNOWN
Ubuntu	12.10	noarch	icedtea-7-jre-cacao	< 7u9-2.3.4-0ubuntu1.12.10.1	UNKNOWN
Ubuntu	12.10	noarch	icedtea-7-jre-jamvm	< 7u9-2.3.4-0ubuntu1.12.10.1	UNKNOWN
Ubuntu	12.10	noarch	openjdk-7-dbg	< 7u9-2.3.4-0ubuntu1.12.10.1	UNKNOWN
Ubuntu	12.10	noarch	openjdk-7-demo	< 7u9-2.3.4-0ubuntu1.12.10.1	UNKNOWN
Ubuntu	12.10	noarch	openjdk-7-jdk	< 7u9-2.3.4-0ubuntu1.12.10.1	UNKNOWN
Ubuntu	12.10	noarch	openjdk-7-jre	< 7u9-2.3.4-0ubuntu1.12.10.1	UNKNOWN
Ubuntu	12.10	noarch	openjdk-7-jre-headless	< 7u9-2.3.4-0ubuntu1.12.10.1	UNKNOWN
Ubuntu	12.10	noarch	openjdk-7-jre-lib	< 7u9-2.3.4-0ubuntu1.12.10.1	UNKNOWN

References

ubuntu.com/security/CVE-2012-3174

ubuntu.com/security/CVE-2013-0422

openvas 21

nessus 19

cve 2

prion 2

oraclelinux 1

fedora 3

suse 2

ubuntucve 2

seebug 3

redhat 3

cert 1

centos 1

zdi 1

attackerkb 1

amazon 1

veracode 2

checkpoint_advisories 4

securityvulns 2

threatpost 11

zdt 1

ibm 10

packetstorm 1

symantec 1

thn 3

saint 8

canvas 1

cisa_kev 1

metasploit 1

exploitdb 1

freebsd 1

fireeye 1

securelist 1

gentoo 1

openvas

Fedora Update for java-1.7.0-openjdk FEDORA-2013-0853

2013-01-21 00:00:00

CentOS Update for java CESA-2013:0165 centos5

2013-01-21 00:00:00

Ubuntu Update for openjdk-7 USN-1693-1

2013-01-21 00:00:00

nessus

Fedora 17 : java-1.7.0-openjdk-1.7.0.9-2.3.4.fc17 (2013-0868)

2013-01-17 00:00:00

Oracle Java SE 7 < Update 11 Multiple Vulnerabilities (Unix)

2013-02-22 00:00:00

Fedora 16 : java-1.7.0-openjdk-1.7.0.9-2.3.4.fc16 (2013-0888)

2013-01-17 00:00:00

cve

CVE-2012-3174

2013-01-14 22:55:00

CVE-2013-0422

2013-01-10 21:55:00

prion

Design/Logic Flaw

2013-01-14 22:55:00

Design/Logic Flaw

2013-01-10 21:55:00

oraclelinux

java-1.7.0-openjdk security update

2013-01-16 00:00:00

fedora

[SECURITY] Fedora 18 Update: java-1.7.0-openjdk-1.7.0.9-2.3.4.fc18

2013-01-16 19:35:17

[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.9-2.3.4.fc17

2013-01-16 19:42:39

[SECURITY] Fedora 16 Update: java-1.7.0-openjdk-1.7.0.9-2.3.4.fc16

2013-01-16 19:49:12

suse

java-1_7_0-openjdk: update to icedtea-2.3.4 (critical)

2013-01-25 14:04:23

Security update for Java (important)

2013-03-13 00:05:30

ubuntucve

CVE-2012-3174

2013-01-14 00:00:00

CVE-2013-0422

2013-01-10 00:00:00

seebug

Oracle Java Runtime Environment 未明远程代码执行漏洞(CVE-2012-3174)

2013-01-16 00:00:00

Oracle Java 7 JmxMBeanServer类远程代码执行漏洞

2013-01-14 00:00:00

Java Applet JMX Remote Code Execution

2014-07-01 00:00:00

redhat

(RHSA-2013:0165) Important: java-1.7.0-openjdk security update

2013-01-16 00:00:00

(RHSA-2013:0156) Critical: java-1.7.0-oracle security update

2013-01-14 00:00:00

(RHSA-2013:0626) Critical: java-1.7.0-ibm security update

2013-03-11 00:00:00

cert

Java 7 fails to restrict access to privileged code

2013-01-10 00:00:00

centos

java security update

2013-01-16 20:29:20

zdi

Oracle Java Runtime Environment MethodHandle Security Manager Bypass Remote Code Execution Vulnerability

2013-02-01 00:00:00

attackerkb

CVE-2013-0422

2013-01-10 00:00:00

amazon

Important: java-1.7.0-openjdk

2013-02-03 12:35:00

veracode

Authorization Bypass

2019-01-15 08:53:56

Sandbox Restrictions Bypass

2019-05-02 04:46:00

checkpoint_advisories

Oracle Java MBeanInstantiator.findClass Remote Code Execution - Ver2 (CVE-2013-0422)

2014-02-03 00:00:00

Oracle Java MBeanInstantiator.findClass Remote Code Execution - Ver2 (CVE-2013-0422)

2014-01-07 00:00:00

Oracle Java JmxMBeanServer Package Sandbox Breach (CVE-2013-0422)

2013-01-13 00:00:00

securityvulns

0-day vulnerability in Oracle Java is used to install maliscious software

2013-01-21 00:00:00

[SE-2012-01] Java 7 Update 11 confirmed to be vulnerable

2013-01-21 00:00:00

threatpost

NBC Website Hacked, Leading Visitors to Citadel Banking Malware

2013-02-21 21:07:10

ADP-Themed Phishing Emails Lead to Blackhole Sites

2013-01-14 18:29:21

Emergency Zero-Day Patch Does Not Quiet Calls to Disable Java

2013-01-14 16:40:39

zdt

Java Applet JMX Remote Code Execution Vulnerability

2013-01-11 00:00:00

ibm

Security Bulletin: Security vulnerability in Oracle Java 7 impacts IBM Rational Collaborative Lifecycle Management products (CVE-2013-0422)

2018-06-17 04:42:53

Security Bulletin: Security vulnerability in Oracle Java 7 impacts IBM Rational Change (CVE-2013-0422)

2018-06-17 04:42:58

Security Bulletin: Potential security vulnerabilities in WebSphere Partner Gateway Advanced/Enterprise for the Oracle CPU February 2013.

2022-09-25 23:13:40

packetstorm

Java Applet JMX Remote Code Execution

2013-01-11 00:00:00

symantec

Oracle Java Runtime Environment CVE-2013-0422 Multiple Remote Code Execution Vulnerabilities

2013-01-10 00:00:00

thn

Oracle Patches Java Zero Day Vulnerability

2013-01-16 06:01:00

Oracle Patches Java Zero Day Vulnerability

2013-01-16 17:01:00

ICEPOL Ransomware Servers seized by Romanian Police that infected 260,000 Computers

2014-01-29 22:48:00

saint

Java MBeanInstantiator.findClass and Recursive Reflection Sandbox Escape

2013-01-14 00:00:00

Java MBeanInstantiator.findClass and Recursive Reflection Sandbox Escape

2013-01-14 00:00:00

Java MBeanInstantiator.findClass and Recursive Reflection Sandbox Escape

2013-01-14 00:00:00

canvas

Immunity Canvas: JAVA_MBEANINSTANTIATOR_FINDCLASS

2013-01-10 21:55:00

cisa_kev

Oracle JRE Remote Code Execution Vulnerability

2022-05-25 00:00:00

metasploit

Java Applet JMX Remote Code Execution

2013-01-10 19:30:43

exploitdb

Java Applet JMX - Remote Code Execution (Metasploit) (1)

2013-01-11 00:00:00

freebsd

java 7.x -- security manager bypass

2013-01-10 00:00:00

fireeye

Internet Explorer 8 Exploit Found in Watering Hole Campaign Targeting Chinese Dissidents

2013-03-20 17:26:00

securelist

Investigation Report for the September 2014 Equation malware detection incident in the US

2017-11-16 10:00:34

gentoo

Oracle JRE/JDK: Multiple vulnerabilities

2014-01-27 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

Related for USN-1693-1