CVE-2013-5842
published 2013-10-16

Priority: P2 (63), critical
CVSS 2.0: 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 17.61% (96.8th percentile)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850.

Affected

29 ranges (showing 25)

Vendor    | Product                            | Version range | Fixed in
canonical | ubuntu_linux                       |               |
canonical | ubuntu_linux                       |               |
canonical | ubuntu_linux                       |               |
canonical | ubuntu_linux                       |               |
canonical | ubuntu_linux                       |               |
oracle    | jdk                                | <= 1.6.0      |
oracle    | jdk                                | <= 1.7.0      |
oracle    | jdk                                | <= 1.5.0      |
oracle    | jdk                                |               |
oracle    | jdk                                |               |
oracle    | jdk                                |               |
oracle    | jre                                | <= 1.6.0      |
oracle    | jre                                | <= 1.7.0      |
oracle    | jre                                | <= 1.5.0      |
oracle    | jre                                |               |
oracle    | jre                                |               |
oracle    | jre                                |               |
redhat    | enterprise_linux_desktop           |               |
redhat    | enterprise_linux_desktop           |               |
redhat    | enterprise_linux_eus               |               |
redhat    | enterprise_linux_server            |               |
redhat    | enterprise_linux_server            |               |
redhat    | enterprise_linux_server_aus        |               |
redhat    | enterprise_linux_workstation       |               |
redhat    | enterprise_linux_workstation       |               |

Detection & IOCs (extracted from sources)

  • CVE-2013-5842 involves missing checks in ObjectInputStream/ObjectOutputStream serialization handling that could allow an untrusted Java application or applet to bypass Java sandbox restrictions
  • The vulnerability is in the Libraries component of Java SE; monitor for exploitation via Java applets or applications using ObjectInputStream/ObjectOutputStream deserialization to escape the sandbox
  • Affects Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier; fixed in Java SE 7u45 and 6u65
  • Fixed in IcedTea7 2.4.3 and IcedTea6 1.11.14 and 1.12.7

CVSS provenance

NVD (CVSS v2.0): 10.0 CRITICAL, AV:N/AC:L/Au:N/C:C/I:C/A:C
Vendor (Red Hat): 10.0 CRITICAL
Vendor (Ubuntu): 6.4 MEDIUM