CVE-2013-0428
OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
Severity Score
Exploit Likelihood
Affected Versions
241Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API.
Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 hasta Update 11 y v6 hasta Update 38, y v5.0 hasta Update 38, y v1.4.2_40 y anteriores permite a atacantes remotos afectar la confidencialiad, integridad y disponibilidad mediante vectores desconocidos relacionados con Libraries, una vulnerabilidad diferente a CVE-2013-0425 y CVE-2013-0426.
This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.5. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-12-07 CVE Reserved
- 2013-02-02 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (28)
| URL | Tag | Source |
|---|---|---|
| http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11... | X_refsource_confirm | |
| http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c953... | X_refsource_confirm | |
| http://www.kb.cert.org/vuls/id/858729 | Third Party Advisory |
|
| http://www.securityfocus.com/bid/57713 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA13-032A.html | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitr... | Signature | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitr... | Signature | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitr... | Signature | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitr... | Signature | |
| https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|