U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2013-0422

Change History

Modified Analysis by NIST 4/26/2024 12:07:03 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
OR
     *cpe:2.3:a:oracle:jdk:1.7.0:-:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
     *cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
     *cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
Changed Reference Type
http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html No Types Assigned
http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html Not Applicable
Changed Reference Type
http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/ No Types Assigned
http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/ Broken Link
Changed Reference Type
http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html No Types Assigned
http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html Third Party Advisory
Changed Reference Type
http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/ No Types Assigned
http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/ Third Party Advisory
Changed Reference Type
http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/ No Types Assigned
http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/ Broken Link, Third Party Advisory
Changed Reference Type
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html No Types Assigned
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html Mailing List, Third Party Advisory
Changed Reference Type
http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html No Types Assigned
http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html Third Party Advisory
Changed Reference Type
http://rhn.redhat.com/errata/RHSA-2013-0156.html No Types Assigned
http://rhn.redhat.com/errata/RHSA-2013-0156.html Third Party Advisory
Changed Reference Type
http://rhn.redhat.com/errata/RHSA-2013-0165.html No Types Assigned
http://rhn.redhat.com/errata/RHSA-2013-0165.html Third Party Advisory
Changed Reference Type
http://seclists.org/bugtraq/2013/Jan/48 No Types Assigned
http://seclists.org/bugtraq/2013/Jan/48 Mailing List, Third Party Advisory
Changed Reference Type
http://www.kb.cert.org/vuls/id/625617 US Government Resource
http://www.kb.cert.org/vuls/id/625617 Third Party Advisory, US Government Resource
Changed Reference Type
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095 No Types Assigned
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095 Not Applicable
Changed Reference Type
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html No Types Assigned
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html Vendor Advisory
Changed Reference Type
http://www.ubuntu.com/usn/USN-1693-1 No Types Assigned
http://www.ubuntu.com/usn/USN-1693-1 Third Party Advisory
Changed Reference Type
http://www.us-cert.gov/cas/techalerts/TA13-010A.html US Government Resource
http://www.us-cert.gov/cas/techalerts/TA13-010A.html Third Party Advisory, US Government Resource
Changed Reference Type
https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf No Types Assigned
https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf Broken Link
Changed Reference Type
https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013 No Types Assigned
https://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013 Not Applicable
Changed Reference Type
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018 No Types Assigned
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0018 Third Party Advisory
Changed Reference Type
https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us No Types Assigned
https://www-304.ibm.com/connections/blogs/PSIRT/entry/oracle_java_7_security_manager_bypass_vulnerability_cve_2013_04224?lang=en_us Not Applicable
Removed Evaluator Impact
Per: http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html

'Note: JDK and JRE 6, 5.0 and 1.4.2, and Java SE Embedded JRE releases are not affected.'