CVE-2013-5878Oracle JDK vulnerability

7 documents5 sources
Severity
7.5HIGHNVD
EPSS
4.5%
top 10.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle JDKOracle JRE
Timeline
PublishedJan 15
Latest updateMay 13

Description

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the Security component does not properly handle null XML namespace (xmlns) attributes during XML document canonicalization, which allows attackers to escape the sandbox.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDoracle/jdk1.6.0
NVDoracle/jre1.6.0, 1.7.0+1

🔴Vulnerability Details

1
GHSA
GHSA-v5jp-9wvr-f556: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, int2022-05-13

📋Vendor Advisories

4
Ubuntu
OpenJDK 6 regression2014-04-08
Ubuntu
OpenJDK 6 vulnerabilities2014-02-27
Ubuntu
OpenJDK 7 vulnerabilities2014-01-23
Red Hat
OpenJDK: null xmlns handling issue (Security, 8025026)2014-01-14

💬Community

1
Bugzilla
CVE-2013-5878 OpenJDK: null xmlns handling issue (Security, 8025026)2014-01-11
CVE-2013-5878 — Oracle JDK vulnerability | cvebase