Executive Summary

Informations
Name CVE-2013-0422 First vendor Publication 2013-01-10
Vendor Cve Last vendor Modification 2025-03-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0422

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18151
 
Oval ID: oval:org.mitre.oval:def:18151
Title: USN-1693-1 -- openjdk-7 vulnerabilities
Description: OpenJDK 7 could be made to crash or run programs as your login if it opened a specially crafted Java applet.
Family: unix Class: patch
Reference(s): USN-1693-1
CVE-2012-3174
CVE-2013-0422
 Version: 7
Platform(s): Ubuntu 12.10
 Product(s): openjdk-7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20562
 
Oval ID: oval:org.mitre.oval:def:20562
Title: RHSA-2013:0156: java-1.7.0-oracle security update (Critical)
Description: Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
Family: unix Class: patch
Reference(s): RHSA-2013:0156-01
CVE-2012-3174
CVE-2013-0422
 Version: 31
Platform(s): Red Hat Enterprise Linux 6
 Product(s): java-1.7.0-oracle
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20822
 
Oval ID: oval:org.mitre.oval:def:20822
Title: RHSA-2013:0165: java-1.7.0-openjdk security update (Important)
Description: Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
Family: unix Class: patch
Reference(s): RHSA-2013:0165-01
CESA-2013:0165
CVE-2012-3174
CVE-2013-0422
 Version: 31
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 5
CentOS Linux 6
 Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23455
 
Oval ID: oval:org.mitre.oval:def:23455
Title: DEPRECATED: ELSA-2013:0165: java-1.7.0-openjdk security update (Important)
Description: Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
Family: unix Class: patch
Reference(s): ELSA-2013:0165-01
CVE-2012-3174
CVE-2013-0422
 Version: 14
Platform(s): Oracle Linux 6
Oracle Linux 5
 Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23559
 
Oval ID: oval:org.mitre.oval:def:23559
Title: ELSA-2013:0165: java-1.7.0-openjdk security update (Important)
Description: Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
Family: unix Class: patch
Reference(s): ELSA-2013:0165-01
CVE-2012-3174
CVE-2013-0422
 Version: 13
Platform(s): Oracle Linux 6
Oracle Linux 5
 Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23877
 
Oval ID: oval:org.mitre.oval:def:23877
Title: ELSA-2013:0156: java-1.7.0-oracle security update (Critical)
Description: Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
Family: unix Class: patch
Reference(s): ELSA-2013:0156-01
CVE-2012-3174
CVE-2013-0422
 Version: 13
Platform(s): Oracle Linux 6
 Product(s): java-1.7.0-oracle
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27449
 
Oval ID: oval:org.mitre.oval:def:27449
Title: DEPRECATED: ELSA-2013-0165 -- java-1.7.0-openjdk security update (important)
Description: [1.7.0.9-2.3.4.1.0.1.el6_3] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.4.1.el6] - Rewerted to IcedTea 2.3.4 - rewerted patch105: java-1.7.0-openjdk-disable-system-lcms.patch - removed jxmd and idlj to alternatives - make NOT executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true - re-applied patch302 and restored systemtap.patch - buildver set to 9 - icedtea_version set to 2.3.4 - unapplied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch - restored tmp-patches source tarball - removed /lib/security/US_export_policy.jar and lib/security/local_policy.jar - java-1.7.0-openjdk-java-access-bridge-security.patch's path moved from java.security-linux back to java.security - Resolves: rhbz#895033 [1.7.0.11-2.4.0.1.el6] - Rewritten patch105: java-1.7.0-openjdk-disable-system-lcms.patch - Added jxmd and idlj to alternatives - make executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true - Unapplied patch302 and deleted systemtap.patch - buildver increased to 11 - icedtea_version set to 2.4.0 - Added and applied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch - removed tmp-patches source tarball - Added /lib/security/US_export_policy.jar and lib/security/local_policy.jar - Resolves: rhbz#895033
Family: unix Class: patch
Reference(s): ELSA-2013-0165
CVE-2012-3174
CVE-2013-0422
 Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
 Product(s): java-1.7.0-openjdk
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 10
Application 10
Os 1
Os 1

SAINT Exploits

Description Link
Java MBeanInstantiator.findClass and Recursive Reflection Sandbox Escape More info here

ExploitDB Exploits

id Description
2013-01-11 Java Applet JMX Remote Code Execution

Snort® IPS/IDS

Date Description
2014-11-16 CottonCastle exploit kit Oracle java outbound connection
RuleID : 31278 - Revision : 2 - Type : EXPLOIT-KIT
2014-11-16 CottonCastle exploit kit Oracle Java outbound connection
RuleID : 31277 - Revision : 2 - Type : EXPLOIT-KIT
2014-02-21 Styx exploit kit eot outbound connection
RuleID : 29453 - Revision : 2 - Type : EXPLOIT-KIT
2014-02-21 Styx exploit kit landing page request
RuleID : 29452 - Revision : 2 - Type : EXPLOIT-KIT
2014-02-21 Styx exploit kit outbound jar request
RuleID : 29451 - Revision : 2 - Type : EXPLOIT-KIT
2014-02-21 Styx exploit kit outbound connection attempt
RuleID : 29450 - Revision : 2 - Type : EXPLOIT-KIT
2014-02-21 Styx exploit kit landing page
RuleID : 29449 - Revision : 3 - Type : EXPLOIT-KIT
2014-02-21 Styx exploit kit landing page
RuleID : 29448 - Revision : 2 - Type : EXPLOIT-KIT
2014-02-21 Styx exploit kit jar outbound connection
RuleID : 29446 - Revision : 9 - Type : EXPLOIT-KIT
2014-02-21 Styx exploit kit fonts download page
RuleID : 29445 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Styx exploit kit landing page request
RuleID : 28478 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Styx exploit kit outbound pdf request
RuleID : 28477 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Win.Trojan.Bspire variant connection
RuleID : 28439 - Revision : 5 - Type : MALWARE-CNC
2014-01-10 Styx exploit kit malicious redirection attempt
RuleID : 27815 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Styx exploit kit landing page request
RuleID : 27814 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Styx exploit kit landing page with payload
RuleID : 27813 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Nailed exploit kit jmxbean remote code execution exploit download - autopwn
RuleID : 27083 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit JNLP request
RuleID : 27070 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit landing page - specific structure
RuleID : 27067 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Styx exploit kit plugin detection connection jovf
RuleID : 27042-community - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Styx exploit kit plugin detection connection jovf
RuleID : 27042 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Styx exploit kit plugin detection connection jlnp
RuleID : 27041-community - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Styx exploit kit plugin detection connection jlnp
RuleID : 27041 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Styx exploit kit plugin detection connection jorg
RuleID : 27040-community - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Styx exploit kit plugin detection connection jorg
RuleID : 27040 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Goon/Infinity/Redkit exploit kit short jar request
RuleID : 26808 - Revision : 11 - Type : EXPLOIT-KIT
2014-01-10 Redkit exploit kit landing page
RuleID : 26807 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Redkit exploit kit short JNLP request
RuleID : 26806 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Redkit exploit kit encrypted binary download
RuleID : 26805 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Multiple exploit kit landing page - specific structure
RuleID : 26653 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 iFramer injection - specific structure
RuleID : 26617 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Multiple exploit kit successful redirection - jnlp bypass
RuleID : 26541 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 iFramer injection - specific structure
RuleID : 26540 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Sakura exploit kit pdf download detection
RuleID : 26539 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Sakura exploit kit landing page received
RuleID : 26538 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Sakura exploit kit jar download detection
RuleID : 26537 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java payload detection
RuleID : 26512 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Sakura exploit kit redirection structure
RuleID : 26511 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit pdf payload detection
RuleID : 26510 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Multiple exploit kit java payload detection
RuleID : 26509 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page - specific structure
RuleID : 26507 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit jar file redirection
RuleID : 26506 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Redkit exploit kit landing page
RuleID : 26384 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Redkit exploit kit landing page
RuleID : 26383 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Redkit exploit kit java exploit request
RuleID : 26377 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Redkit exploit kit landing page redirection
RuleID : 26351 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 TDS redirection - may lead to exploit kit
RuleID : 26350 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Redkit exploit kit obfuscated portable executable
RuleID : 26349 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Redkit exploit kit java exploit delivery
RuleID : 26348 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Redkit exploit kit java exploit request
RuleID : 26347 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Redkit exploit kit payload requested
RuleID : 26346 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Redkit exploit kit landing page
RuleID : 26345 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Redkit exploit kit landing page redirection
RuleID : 26344 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Styx exploit kit redirection page
RuleID : 26297 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Styx exploit kit landing page
RuleID : 26296 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Watering Hole Campaign applet download
RuleID : 26294 - Revision : 5 - Type : FILE-OTHER
2014-01-10 Cool exploit kit malicious jar download
RuleID : 26256 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit redirection page
RuleID : 26254 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Impact exploit kit landing page
RuleID : 26252 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit MyApplet class retrieval
RuleID : 26229 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit redirection page
RuleID : 26228 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Styx exploit kit landing page
RuleID : 26090 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit Portable Executable download
RuleID : 26056 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 26055 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 26054 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 26053 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 26052 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious jar file download
RuleID : 26051 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit SWF file download
RuleID : 26050 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 26049 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit PDF exploit
RuleID : 26048 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit redirection structure
RuleID : 26047 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 26046 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Crimeboss exploit kit - Java exploit download
RuleID : 26039 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Crimeboss exploit kit - Java exploit download
RuleID : 26038 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit iframe redirection attempt
RuleID : 26033 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit landing page
RuleID : 26031 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Redkit exploit kit landing page
RuleID : 25989 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Redkit exploit kit landing page
RuleID : 25988 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Redkit exploit kit redirection
RuleID : 25971 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit Portable Executable download
RuleID : 25968 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25967 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25966 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25965 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25964 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit SWF file download
RuleID : 25963 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 25962 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit former location - has been removed
RuleID : 25960 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25959 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25958 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25957 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25956 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious jar file download
RuleID : 25955 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit SWF file download
RuleID : 25954 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 25953 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 25952 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 25951 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit PDF exploit
RuleID : 25950 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java exploit retrieval
RuleID : 25862 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java exploit retrieval
RuleID : 25861 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 25860 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious jar file download
RuleID : 25859 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit Java exploit download
RuleID : 25858 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit PDF exploit
RuleID : 25857 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10 Oracle Java JMX class arbitrary code execution attempt
RuleID : 25834 - Revision : 6 - Type : FILE-JAVA
2014-01-10 Oracle Java malicious class download attempt
RuleID : 25833 - Revision : 6 - Type : FILE-JAVA
2014-01-10 Oracle Java JMX class arbitrary code execution attempt
RuleID : 25832 - Revision : 7 - Type : FILE-JAVA
2014-01-10 Oracle Java JMX class arbitrary code execution attempt
RuleID : 25831 - Revision : 5 - Type : FILE-JAVA
2014-01-10 Oracle Java malicious class download attempt
RuleID : 25830 - Revision : 12 - Type : FILE-JAVA
2014-01-10 Whitehole exploit kit landing page
RuleID : 25806 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Whitehole exploit kit Java exploit retrieval
RuleID : 25805 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Whitehole exploit kit malicious jar download attempt
RuleID : 25804 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Blackhole exploit kit landing page - specific structure
RuleID : 25591 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit landing page - specific structure
RuleID : 25590 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Red Dot executable retrieval attempt
RuleID : 25540 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Red Dot java retrieval attempt
RuleID : 25539 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Red Dot landing page
RuleID : 25538 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Oracle Java JMX class arbitrary code execution attempt
RuleID : 25473 - Revision : 6 - Type : FILE-JAVA
2014-01-10 Oracle Java JMX class arbitrary code execution attempt
RuleID : 25472 - Revision : 12 - Type : FILE-JAVA
2014-01-10 Multiple exploit kit malicious jar archive download
RuleID : 25302 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 redirect to malicious java archive attempt
RuleID : 25301 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Redkit exploit kit redirection attempt
RuleID : 25255 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Styx exploit kit portable executable download request
RuleID : 25140 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Styx exploit kit eot outbound connection
RuleID : 25139 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Styx exploit kit pdf outbound connection
RuleID : 25138 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Styx exploit kit jar outbound connection
RuleID : 25137 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10 Styx exploit kit plugin detection connection
RuleID : 25136 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Styx Exploit Kit outbound connection
RuleID : 25135 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit landing page in an email
RuleID : 24865 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit landing page - specific-structure
RuleID : 24864 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit landing page in an email
RuleID : 24863 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit landing page - specific-structure
RuleID : 24862 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit landing page in an email
RuleID : 24861 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit landing page - specific-structure
RuleID : 24860 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Possible malicious Jar download attempt - specific-structure
RuleID : 24798-community - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Possible malicious Jar download attempt - specific-structure
RuleID : 24798 - Revision : 5 - Type : EXPLOIT-KIT

Metasploit Database

id Description
2013-01-10 Java Applet JMX Remote Code Execution

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-47.nasl - Type : ACT_GATHER_INFO
2014-01-27 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-151.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0165.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-095.nasl - Type : ACT_GATHER_INFO
2013-03-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-ibm-130306.nasl - Type : ACT_GATHER_INFO
2013-03-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0626.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote host contains a programming platform that is potentially affected ...
File : oracle_java7_update11_unix.nasl - Type : ACT_GATHER_INFO
2013-01-17 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_d5e0317e5e4511e2a113c48508086173.nasl - Type : ACT_GATHER_INFO
2013-01-17 Name : The remote Fedora host is missing a security update.
File : fedora_2013-0888.nasl - Type : ACT_GATHER_INFO
2013-01-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0165.nasl - Type : ACT_GATHER_INFO
2013-01-17 Name : The remote Fedora host is missing a security update.
File : fedora_2013-0868.nasl - Type : ACT_GATHER_INFO
2013-01-17 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130116_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-01-17 Name : The remote Fedora host is missing a security update.
File : fedora_2013-0853.nasl - Type : ACT_GATHER_INFO
2013-01-17 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1693-1.nasl - Type : ACT_GATHER_INFO
2013-01-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0165.nasl - Type : ACT_GATHER_INFO
2013-01-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0156.nasl - Type : ACT_GATHER_INFO
2013-01-14 Name : The remote Windows host contains a programming platform that is potentially a...
File : oracle_java7_update11.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-da...
http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-...
http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-...
http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html
http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disabl...
http://rhn.redhat.com/errata/RHSA-2013-0156.html
http://rhn.redhat.com/errata/RHSA-2013-0165.html
http://seclists.org/bugtraq/2013/Jan/48
http://www.kb.cert.org/vuls/id/625617
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849...
http://www.ubuntu.com/usn/USN-1693-1
http://www.us-cert.gov/cas/techalerts/TA13-010A.html
https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200...
https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits...
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018
https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_...
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
Date Informations
2025-03-14 00:23:34
  • Multiple Updates
2025-02-11 17:21:36
  • Multiple Updates
2024-12-20 00:21:19
  • Multiple Updates
2024-11-28 12:33:10
  • Multiple Updates
2024-04-26 21:28:25
  • Multiple Updates
2024-02-02 01:21:43
  • Multiple Updates
2024-02-01 12:06:23
  • Multiple Updates
2023-09-05 12:20:31
  • Multiple Updates
2023-09-05 01:06:17
  • Multiple Updates
2023-09-02 12:20:33
  • Multiple Updates
2023-09-02 01:06:22
  • Multiple Updates
2023-08-12 12:24:34
  • Multiple Updates
2023-08-12 01:06:24
  • Multiple Updates
2023-08-11 12:20:41
  • Multiple Updates
2023-08-11 01:06:34
  • Multiple Updates
2023-08-06 12:19:54
  • Multiple Updates
2023-08-06 01:06:24
  • Multiple Updates
2023-08-04 12:19:58
  • Multiple Updates
2023-08-04 01:06:27
  • Multiple Updates
2023-07-14 12:19:57
  • Multiple Updates
2023-07-14 01:06:21
  • Multiple Updates
2023-03-29 01:21:56
  • Multiple Updates
2023-03-28 12:06:29
  • Multiple Updates
2022-10-11 12:17:50
  • Multiple Updates
2022-10-11 01:06:04
  • Multiple Updates
2021-05-04 12:23:24
  • Multiple Updates
2021-04-22 01:27:59
  • Multiple Updates
2020-05-23 13:17:01
  • Multiple Updates
2020-05-23 00:35:47
  • Multiple Updates
2016-04-26 22:42:08
  • Multiple Updates
2014-11-16 21:24:39
  • Multiple Updates
2014-10-12 13:26:56
  • Multiple Updates
2014-06-14 13:34:18
  • Multiple Updates
2014-02-21 21:20:36
  • Multiple Updates
2014-02-21 13:22:42
  • Multiple Updates
2014-02-17 11:15:44
  • Multiple Updates
2014-02-12 13:22:31
  • Multiple Updates
2014-01-19 21:29:08
  • Multiple Updates
2013-05-10 22:28:13
  • Multiple Updates
2013-02-26 13:19:08
  • Multiple Updates
2013-02-07 13:21:44
  • Multiple Updates
2013-02-02 13:23:40
  • Multiple Updates
2013-01-17 21:21:24
  • Multiple Updates
2013-01-16 13:19:45
  • Multiple Updates
2013-01-15 13:21:19
  • Multiple Updates
2013-01-14 17:21:33
  • Multiple Updates
2013-01-12 13:21:40
  • Multiple Updates
2013-01-11 21:23:44
  • Multiple Updates
2013-01-11 17:20:23
  • Multiple Updates
2013-01-11 13:22:05
  • First insertion