CVE-2013-2423

Published: Apr 17, 2013

Modified: Oct 22, 2025

PUBLISHED

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.

Vendor: n/a
Product: n/a
Versions: n/a (affected)

References

GLSA-201406-32: vendor-advisory, x_refsource_GENTOO
TA13-107A: third-party-advisory, x_refsource_CERT
RHSA-2013:0757: vendor-advisory, x_refsource_REDHAT
24976: exploit, x_refsource_EXPLOIT-DB
MDVSA-2013:161: vendor-advisory, x_refsource_MANDRIVA
openSUSE-SU-2013:0964: vendor-advisory, x_refsource_SUSE
RHSA-2013:0752: vendor-advisory, x_refsource_REDHAT
USN-1806-1: vendor-advisory, x_refsource_UBUNTU
oval:org.mitre.oval:def:16700: vdb-entry, signature, x_refsource_OVAL
