CVE-2013-5838: Improperly Implemented Security Check for Standard in Oracle JDK

Severity: 9.3 CRITICAL (NVD)
EPSS: 3.5% (top 12.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 16
Latest update: May 17

Description

Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (2 packages)

NVD: oracle/jdk 1.7.0 +1
NVD: oracle/jre 1.7.0 +1

🔴 Vulnerability Details (1)

GHSA (2022-05-17)
GHSA-5f5p-94mf-qrjx: Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality

📋 Vendor Advisories (2)

Red Hat (2016-03-23)
OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)
Red Hat (2013-10-15)
OpenJDK: Vulnerability in Libraries component (Libraries, 7023639)

🕵️ Threat Intelligence (2)

Qualys (2016-03-24)
Oracle out-of-band release for Java 0-day | Qualys
Qualys (2016-03-24)
Oracle out-of-band release for Java 0-day | Qualys

💬 Community (2)

Bugzilla (2016-03-23)
CVE-2016-0636 OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)
Bugzilla (2013-10-15)
CVE-2013-5838 OpenJDK: Vulnerability in Libraries component (Libraries, 7023639)