Published: 15/01/2014 Updated: 13/05/2022

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45, and OpenJDK 7, allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to improper handling of methods in MethodHandles in HotSpot JVM, which allows malicious users to escape the sandbox.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle jre 1.7.0
oracle jdk 1.7.0

Several security issues were fixed in OpenJDK 7 ...

Synopsis Important: java-170-openjdk security update Type/Severity Security Advisory: Important Topic Updated java-170-openjdk packages that fix various security issues arenow available for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as havingimportant security im ...

Synopsis Critical: java-170-oracle security update Type/Severity Security Advisory: Critical Topic Updated java-170-oracle packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 5 and 6 SupplementaryThe Red Hat Security Response Team has rated this update as having crit ...

Synopsis Critical: java-170-openjdk security update Type/Severity Security Advisory: Critical Topic Updated java-170-openjdk packages that fix various security issues arenow available for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having criticalsecurity impac ...

An input validation flaw was discovered in the font layout engine in the 2D component A specially crafted font file could trigger Java Virtual Machine memory corruption when processed An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions (CVE-2013-5907) Multiple improper permission check issues ...

NVD-CWE-noinfo http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.securityfocus.com/bid/64758 http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/839100e42498 https://bugzilla.redhat.com/show_bug.cgi?id=1051549 http://www.securitytracker.com/id/1029608 http://www.securityfocus.com/bid/64863 http://osvdb.org/102000 http://secunia.com/advisories/56432 http://secunia.com/advisories/56485 http://secunia.com/advisories/56535 http://secunia.com/advisories/56486 http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html http://www.ubuntu.com/usn/USN-2089-1 http://rhn.redhat.com/errata/RHSA-2014-0027.html http://rhn.redhat.com/errata/RHSA-2014-0026.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html http://rhn.redhat.com/errata/RHSA-2014-0030.html http://marc.info/?l=bugtraq&m=139402697611681&w=2 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777 https://usn.ubuntu.com/2089-1/https://nvd.nist.gov

CVE-2013-5893

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect