Oracle Java 7 Security Manager Bypass Vulnerability (CVE-2013-0422)

Share this post:


A new Java zero-day vulnerability, CVE-2013-0422, was publicly reported on January 10, 2013. Details about this issue are available in a Vulnerability Note published by CERT/CC Carnegie Mellon and also available in Alert (TA13-010A) published by the United States Computer Emergency Readiness Team (US-CERT).

This vulnerability can only be exploited as a client-side attack specifically targeting the browser software located on a user’s desktop; for more information about client-side attacks see “Client-Side Attacks: An Overview“. This vulnerability is not applicable to Java running on servers, desktop applications, nor embedded applications.

The IBM Software Development Kit (SDK) and IBM Java Runtime Environment (JRE) are not vulnerable to this exploit.

If you are using Oracle’s JDK or JRE 7 Update 10 or earlier, see Oracle Security Alert for CVE-2013-0422 for patch information.

Please check back for updates.

More stories

IBM Addresses Reported Intel Security Vulnerabilities

May 20, 2019 4:34 pm EDT

In May 2019, Microarchitectural Data Sampling (MDS) side channel attack variants were disclosed (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091). These security vulnerabilities made public by Intel have the potential to allow an attacker running code on the same physical CPU to read other data being processed by that CPU. There are no known exploits at this ...read more


Potential Impact on Processors in the POWER Family

May 14, 2019 6:30 pm EDT

In January 2018, three security vulnerabilities were made public that allow unauthorized users to bypass the hardware barrier between applications and kernel memory. These vulnerabilities all make use of speculative execution to perform side-channel information disclosure attacks. The first two vulnerabilities, CVE-2017-5753 and CVE-2017- 5715, are collectively known as Spectre, and allow user-level code to ...read more


IBM Product Security Incident Response

Acknowledgement

Feb 27, 2019 3:40 pm EDT

IBM acknowledges and thanks the security researchers and organizations listed below for reporting and working with us to resolve one or more security vulnerabilities in our products and services. Disclosures for 2019 Neil Kettle, (Trustwave) Steve Petz   Disclosures for 2018 Artem Metla Cody Wass, (NetSPI) David Azria, Alex Mor, (Ernst & Young, Hacktics Advanced ...read more