CVE-2013-5842
Published: 2013-10-16
Priority: P263 · critical · 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 17.61% (96.8th percentile)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850.
Affected
29 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| oracle | jdk | <= 1.6.0 | — |
| oracle | jdk | <= 1.7.0 | — |
| oracle | jdk | <= 1.5.0 | — |
| oracle | jdk | — | — |
| oracle | jdk | — | — |
| oracle | jdk | — | — |
| oracle | jre | <= 1.6.0 | — |
| oracle | jre | <= 1.7.0 | — |
| oracle | jre | <= 1.5.0 | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
| oracle | jre | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
Detection & IOCs (extracted from sources)
- CVE-2013-5842 involves missing checks in ObjectInputStream/ObjectOutputStream serialization handling that could allow an untrusted Java application or applet to bypass Java sandbox restrictions.
- The vulnerability is in the Libraries component of Java SE; monitor for exploitation via Java applets or applications using ObjectInputStream/ObjectOutputStream deserialization to escape the sandbox.
- Affects Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier; fixed in Java SE 7u45 and 6u65.
- Fixed in IcedTea7 2.4.3 and IcedTea6 1.11.14 and 1.12.7.
CVSS provenance
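| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 10.0 | CRITICAL | — |
| vendor_ubuntu | — | 6.4 | MEDIUM | — |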
GHSA
GHSA-vmv2-mj2q-xc6j · CVE-2013-5842 [CRITICAL]
ghsa_unreviewed · 2022-05-14 · CVSS 9.3
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850.
GHSA
GHSA-x5jv-3m34-q996 · CVE-2013-5850 [CRITICAL]
ghsa_unreviewed · 2022-05-14 · CVSS 10.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5842.
Ubuntu
OpenJDK 7 vulnerabilities
vendor_ubuntu · 2014-01-23 · CVSS 6.4
CVE-2013-5817 [MEDIUM]
Summary: Several security issues were fixed in OpenJDK 7.
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783,
CVE-2013-5804, CVE-2014-0411)
Several vulnerabilities were discovered in the OpenJDK JRE related to
availability. An attacker could exploit these to cause a denial of service.
(CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825, CVE-2013-5896,
CVE-2013-5910)
Several vulnerabilities were discovered in the OpenJDK JRE related to data
integrity. (CVE-2013-5772, CVE-2013-5774, CVE-2013-5784, CVE-2013-5797,
CVE-2013-5820, CVE-2014-0376, CVE-2014-0416)
Several vulnerabilities we
Ubuntu
OpenJDK 6 vulnerabilities
vendor_ubuntu · 2013-11-21 · CVSS 6.4
CVE-2013-3829 [MEDIUM]
Summary: Several security issues were fixed in OpenJDK 6.
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783,
CVE-2013-5804)
Several vulnerabilities were discovered in the OpenJDK JRE related to
availability. An attacker could exploit these to cause a denial of service.
(CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825)
Several vulnerabilities were discovered in the OpenJDK JRE related to data
integrity. (CVE-2013-5772, CVE-2013-5774, CVE-2013-5784, CVE-2013-5797,
CVE-2013-5820)
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure. An atta
Red Hat
OpenJDK: Missing CORBA security checks (Libraries, 8017196)
vendor_redhat · 2013-10-15 · CVSS 10.0
CVE-2013-5850 [CRITICAL]
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5842.
Package: java-1.5.0-ibm (Red Hat Enterprise Linux 5) - Not affected
Package: java-1.5.0-ibm (Red Hat Enterprise Linux 6) - Not affected
Red Hat
OpenJDK: ObjectInputStream/ObjectOutputStream missing checks (Libraries, 8014987)
vendor_redhat · 2013-10-15 · CVSS 10.0
CVE-2013-5842 [CRITICAL]
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5850.
No detection rules found.
No public exploits indexed.
Published: 2013-10-16