CVE-2013-4578

Published: Dec 29, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

RHSA-2014:0414

vendor-advisory

x_refsource_REDHAT

[oss-security] 20150208 CVE-2013-4578 OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars

mailing-list

x_refsource_MLIST

[oss-security] 20150209 Re: CVE-2013-4578 OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars

mailing-list

x_refsource_MLIST

http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d5f36e1c927e

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1031471

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2013-4578

Description

Affected Products

References