What is CVE-2013-2460?

CVE-2013-2460 is a vulnerability in Oracle Jdk. Published 2013-06-18.

Is CVE-2013-2460 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Oracle Jdk

CVE-2013-2460

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related…

EPSS: 0.909 (99.6th percentile) — read the EPSS interpretation.

Affected products

Oracle Jdk — versions 1.7.0
Oracle Jre — versions 1.7.0
N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

RHSA-2013:1060 (x_refsource_REDHAT, vendor-advisory)
GLSA-201406-32 (vendor-advisory, x_refsource_GENTOO)
secalert_us@oracle.com (x_refsource_MISC)
secalert_us@oracle.com (x_refsource_CONFIRM, Vendor Advisory)
SUSE-SU-2013:1257 (vendor-advisory, x_refsource_SUSE)
HPSBUX02907 (x_refsource_HP, vendor-advisory)
SUSE-SU-2013:1256 (vendor-advisory, x_refsource_SUSE)
54154 (x_refsource_SECUNIA, third-party-advisory)
oval:org.mitre.oval:def:19129 (x_refsource_OVAL, signature, vdb-entry)
oval:org.mitre.oval:def:17116 (x_refsource_OVAL, signature, vdb-entry)

Frequently asked questions

What is CVE-2013-2460?: CVE-2013-2460 is a vulnerability in Oracle Jdk. Published 2013-06-18.
Is CVE-2013-2460 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.