Sid 1-37820

Rule Documentation
References

Rule Category

FILE-JAVA -- Snort has detected traffic targeting vulnerabilities that are exploited in java files such as .class or .jar.

Alert Message

FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt

Rule Explanation

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing." Impact: CVSS base score 10.0 CVSS impact score 10.0 CVSS exploitability score 10.0 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE Details: Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Talos research team. This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology. For more information see [nvd].

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

CVE-2013-2470

Additional Links

www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html

Rule Vulnerability

CVE Additional Information

CVE-2013-2470

Details
Severity	HIGH	Base Score	10.0
Impact Score	10.0	Exploit Score	10.0
Confidentiality Impact	COMPLETE	Integrity Impact	COMPLETE
Availability Impact	COMPLETE	Access Vector
Authentication	NONE	Ease of Access