What is CVE-2013-1488?

CVE-2013-1488 is a vulnerability in Oracle Jdk, classified under Code Injection. Published 2013-03-08.

Is CVE-2013-1488 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Oracle Jdk

CVE-2013-1488

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString call…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.863 (99.4th percentile) — read the EPSS interpretation.

Affected products

Oracle Jdk — versions 1.7.0
Oracle Jre — versions 1.7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

References

oval:org.mitre.oval:def:16511 (x_refsource_OVAL, signature, vdb-entry)
GLSA-201406-32 (vendor-advisory, x_refsource_GENTOO)
secalert_us@oracle.com (x_refsource_MISC)
[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released! (mailing-list, x_refsource_MLIST)
MDVSA-2013:145 (vendor-advisory, x_refsource_MANDRIVA)
TA13-107A (US Government Resource, x_refsource_CERT, third-party-advisory)
secalert_us@oracle.com (x_refsource_CONFIRM)
secalert_us@oracle.com (x_refsource_CONFIRM)
RHSA-2013:0757 (x_refsource_REDHAT, vendor-advisory)
secalert_us@oracle.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2013-1488?: CVE-2013-1488 is a vulnerability in Oracle Jdk, classified under Code Injection. Published 2013-03-08.
Is CVE-2013-1488 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.