CVE-2013-5910Oracle JDK vulnerability

7 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
2.1%
top 16.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle JDKOracle JRE
Timeline
PublishedJan 15
Latest updateMay 13

Description

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that CanonicalizerBase.java in the XML canonicalizer allows untrusted code to access mutable byte arrays.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDoracle/jdk1.6.0, 1.7.0+1
NVDoracle/jre1.6.0, 1.7.0+1

🔴Vulnerability Details

1
GHSA
GHSA-7rr9-w99c-9r9h: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknow2022-05-13

📋Vendor Advisories

4
Ubuntu
OpenJDK 6 regression2014-04-08
Ubuntu
OpenJDK 6 vulnerabilities2014-02-27
Ubuntu
OpenJDK 7 vulnerabilities2014-01-23
Red Hat
OpenJDK: XML canonicalizer mutable strings passed to untrusted code (Security, 8026417)2014-01-14

💬Community

1
Bugzilla
CVE-2013-5910 OpenJDK: XML canonicalizer mutable strings passed to untrusted code (Security, 8026417)2014-01-14
CVE-2013-5910 — Oracle JDK vulnerability | cvebase