CVE-2013-5823 — Oracle JDK vulnerability

8 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

4.9%

top 10.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle JDK Oracle JRE Oracle Jrockit +2 more

Timeline

PublishedOct 16

Latest updateMay 14

Description

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶NVDoracle/jrockitr27.7.6+19

▶NVDoracle/jdk1.6.0+3

▶NVDoracle/jre1.7.0+3

▶NVDsun/jdk1.6.0

▶NVDsun/jre1.6.0

🔴Vulnerability Details

OSV

Apache XML Security For Java vulnerable to Infinite Loop↗2022-05-14

▶

GHSA

Apache XML Security For Java vulnerable to Infinite Loop↗2022-05-14

▶

CVEList

CVE-2013-5823: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28↗2013-10-16

▶

📋Vendor Advisories

Ubuntu

OpenJDK 7 vulnerabilities↗2014-01-23

▶

Ubuntu

OpenJDK 6 vulnerabilities↗2013-11-21

▶

Red Hat

OpenJDK: com.sun.org.apache.xml.internal.security.utils.UnsyncByteArrayOutputStream Denial of Service (Security, 8021290)↗2013-10-15

▶

💬Community

Bugzilla

CVE-2013-5823 OpenJDK: com.sun.org.apache.xml.internal.security.utils.UnsyncByteArrayOutputStream Denial of Service (Security, 8021290)↗2013-10-15

▶