← back
CVE-2013-1488

CVE-2013-1488

60Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 87%
from disclosure to weapon95 days
Published on NVDMar 8
1st PoC+95d
metasploitJan 10
exploitation probability
87%top 1% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.