Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "type checks" and "method handle binding" involving Wrapper.convert.

Remediation

References

CVE-2013-2436

Related Vulnerabilities

Oracle JRE CVE-2013-5809 Vulnerability (CVE-2013-5809)

WordPress Plugin Elementor Addon Elements Cross-Site Request Forgery (1.6.3)

Drupal Inefficient Regular Expression Complexity Vulnerability (CVE-2022-24729)

WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (1.9.10)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-25603)

Severity

Critical

Classification

CVE-2013-2436

Tags

Missing Update Known Vulnerabilities