Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-4578

Опубликовано: 29 дек. 2017
Источник: nvd
CVSS3: 5.3
CVSS2: 5
EPSS Низкий

Описание

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update10_b31:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update11_b32:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update17_b31:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update17_b32:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update21:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update21_b31:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update25_b33:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update25_b34:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update25_b35:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update40:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update45:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update45_b31:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update45_b32:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update45_b33:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update45_b34:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update51:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update7_b32:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update9_b31:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update9_b32:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update10_b31:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update11_b32:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update17_b31:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update17_b32:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update21:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update21_b31:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update25_b33:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update25_b34:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update25_b35:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update40:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update45:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update45_b31:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update45_b32:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update45_b33:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update45_b34:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update51:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update7_b32:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update9_b31:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update9_b32:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*
Версия до 1.7.0 (включая)
cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*
Версия до 1.7.0 (включая)

EPSS

Процентиль: 52%
0.0029
Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

ubuntu логотип

CVE-2013-4578

CVSS3: 5.3
ubuntu
около 8 лет назад

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.

redhat логотип

CVE-2013-4578

redhat
около 12 лет назад

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.

debian логотип

CVE-2013-4578

CVSS3: 5.3
debian
около 8 лет назад

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote atta ...

github логотип

GHSA-6xg2-jpwh-hh9f

CVSS3: 5.3
github
больше 3 лет назад

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.

EPSS

Процентиль: 52%
0.0029
Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-74