Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.
Publish Date : 2013-04-17 Last Update Date : 2013-11-18
(There is no impact to the confidentiality of the system.)
(Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
(There is no impact to the availability of the system.)
(The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
(Authentication is not required to exploit the vulnerability.)
Bypass a restriction or similar
||CWE id is not defined for this vulnerability
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify
a vulnerability or a missing patch. Check out the OVAL definitions
if you want to learn what you should do to verify a vulnerability.