CVE-2013-2416 [Medium] | Security Vulnerability in Jre

CVE-2013-2416 is rated High Exploit Risk (71.2/100): CVSS Medium severity, with high exploitation likelihood (EPSS 37.62%, 97th percentile). 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +10.89% over the last day, indicating growing attacker interest. Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

EDB-ID	Source	Kind	Published	Link
24966	exploit_db	edb	2013-04-18	Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

24966

exploit_db

edb

2013-04-18

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-01-19	26.73%	37.62%	+10.89%
2	2025-10-01	37.62%	26.73%	-10.89%
3	2025-05-27	—	37.62%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-01-19

26.73%

37.62%

+10.89%

2025-10-01

37.62%

26.73%

-10.89%

2025-05-27

—

37.62%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
4.3	2.0	MEDIUM	`AV:N/AC:M/Au:N/C:N/I:P/A:N` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:N) No availability impact.	8.6	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

4.3

2.0

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:N): No availability impact.

8.6

2.9

[email protected]

OS Trackers for CVE-2013-2416

vendor	priority	summary	link
`gentoo`	high	CVE-2013-2416: 1 GLSA(s) (201401-30), 5 atom(s) (app-emulation/emul-linux-x86-java, dev-java/oracle-jdk-bin, dev-java/oracle-jre-bin, dev-java/sun-jdk, dev-java/sun-jre-bin); latest impact high.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2013-2416
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2013-2416
`ubuntu`	medium	CVE-2013-2416 medium priority: Ubuntu including 4 source packages (icedtea-web, openjdk-6, openjdk-6b18, openjdk-7), 24 status rows across 6 suites (hardy, lucid, oneiric, precise, quantal, upstream): not-affected 13, DNE 6, ignored 3, needs-triage 1, released 1.	https://ubuntu.com/security/CVE-2013-2416

Affected software / configurations for CVE-2013-2416

Vendor	Product	Version	Raw CPE
oracle	jre	<= 1.7.0	cpe:2.3:a:oracle:jre::update17::::::*
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:::::::*
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update1::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update10::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update11::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update13::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update15::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update2::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update3::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update4::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update5::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update6::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update7::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update9::::::
oracle	jdk	<= 1.7.0	cpe:2.3:a:oracle:jdk::update17::::::*
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:::::::*
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update1::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update10::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update11::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update13::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update15::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update2::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update3::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update4::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update5::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update6::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update7::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update9::::::

References for CVE-2013-2416

URL	Tags
http://rhn.redhat.com/errata/RHSA-2013-0757.html
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html	Vendor Advisory
http://www.us-cert.gov/ncas/alerts/TA13-107A	US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16464

URL

CVE-2013-2416

Public exploit references (Exploit-DB) for CVE-2013-2416

Exploit prediction scoring system (EPSS) score for CVE-2013-2416

Common vulnerability scoring system (CVSS) metrics for CVE-2013-2416

Weakness enumeration for CVE-2013-2416

OS Trackers for CVE-2013-2416

Affected software / configurations for CVE-2013-2416

References for CVE-2013-2416