CVE-2013-5893 - Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45, and OpenJDK 7, allows re

CVE-2013-5893

Summary

Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to improper handling of methods in MethodHandles in HotSpot JVM, which allows attackers to escape the sandbox.

References

Vulnerable Configurations

cpe:2.3:a:oracle:jre:1.7.0:update45:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update45:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update45:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update45:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 13-05-2022 - 14:57)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

redhat via4

advisories

rhsa
id RHSA-2014:0026
rhsa
id RHSA-2014:0027
rhsa
id RHSA-2014:0030

rpms

java-1.7.0-openjdk-1:1.7.0.51-2.4.4.1.el6_5
java-1.7.0-openjdk-debuginfo-1:1.7.0.51-2.4.4.1.el6_5
java-1.7.0-openjdk-demo-1:1.7.0.51-2.4.4.1.el6_5
java-1.7.0-openjdk-devel-1:1.7.0.51-2.4.4.1.el6_5
java-1.7.0-openjdk-javadoc-1:1.7.0.51-2.4.4.1.el6_5
java-1.7.0-openjdk-src-1:1.7.0.51-2.4.4.1.el6_5
java-1.7.0-openjdk-1:1.7.0.51-2.4.4.1.el5_10
java-1.7.0-openjdk-debuginfo-1:1.7.0.51-2.4.4.1.el5_10
java-1.7.0-openjdk-demo-1:1.7.0.51-2.4.4.1.el5_10
java-1.7.0-openjdk-devel-1:1.7.0.51-2.4.4.1.el5_10
java-1.7.0-openjdk-javadoc-1:1.7.0.51-2.4.4.1.el5_10
java-1.7.0-openjdk-src-1:1.7.0.51-2.4.4.1.el5_10
java-1.7.0-oracle-1:1.7.0.51-1jpp.1.el5_10
java-1.7.0-oracle-1:1.7.0.51-1jpp.1.el6_5
java-1.7.0-oracle-devel-1:1.7.0.51-1jpp.1.el5_10
java-1.7.0-oracle-devel-1:1.7.0.51-1jpp.1.el6_5
java-1.7.0-oracle-javafx-1:1.7.0.51-1jpp.1.el5_10
java-1.7.0-oracle-javafx-1:1.7.0.51-1jpp.1.el6_5
java-1.7.0-oracle-jdbc-1:1.7.0.51-1jpp.1.el5_10
java-1.7.0-oracle-jdbc-1:1.7.0.51-1jpp.1.el6_5
java-1.7.0-oracle-plugin-1:1.7.0.51-1jpp.1.el5_10
java-1.7.0-oracle-plugin-1:1.7.0.51-1jpp.1.el6_5
java-1.7.0-oracle-src-1:1.7.0.51-1jpp.1.el5_10
java-1.7.0-oracle-src-1:1.7.0.51-1jpp.1.el6_5

refmap via4

bid	64758 64863
confirm	http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html https://bugzilla.redhat.com/show_bug.cgi?id=1051549 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777
hp	HPSBUX02972 SSRT101454
misc	http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/839100e42498
osvdb	102000
sectrack	1029608
secunia	56432 56485 56486 56535
suse	openSUSE-SU-2014:0174 openSUSE-SU-2014:0177 openSUSE-SU-2014:0180
ubuntu	USN-2089-1

Last major update

13-05-2022 - 14:57

Published

15-01-2014 - 16:08

Last modified

13-05-2022 - 14:57