CVE-2013-5800

MEDIUM

Description

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS.

References

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html

http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html

http://rhn.redhat.com/errata/RHSA-2013-1440.html

http://rhn.redhat.com/errata/RHSA-2013-1447.html

http://rhn.redhat.com/errata/RHSA-2013-1451.html

http://rhn.redhat.com/errata/RHSA-2013-1507.html

http://secunia.com/advisories/56338

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

http://www.ubuntu.com/usn/USN-2089-1

http://www-01.ibm.com/support/docview.wss?uid=swg21655201

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19093

Details

Source: MITRE

Published: 2013-10-16

Updated: 2017-09-19

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update21:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update25:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:*:update_40:*:*:*:*:*:* versions up to 1.7.0 (inclusive)

Configuration 2

cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update21:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update25:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:*:update_40:*:*:*:*:*:* versions up to 1.7.0 (inclusive)

Tenable Plugins

View all (24 total)

ID	Name	Product	Family	Severity
76303	GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)	Nessus	Gentoo Local Security Checks	critical
75196	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:1663-1)	Nessus	SuSE Local Security Checks	critical
73970	IBM Notes 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities	Nessus	Windows	critical
73969	IBM Domino 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	critical
73968	IBM Domino 9.x < 9.0.1 Fix Pack 1 Multiple Vulnerabilities (uncredentialed check)	Nessus	Misc.	critical
72139	GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)	Nessus	Gentoo Local Security Checks	critical
72117	Ubuntu 12.10 / 13.04 / 13.10 : openjdk-7 vulnerabilities (USN-2089-1)	Nessus	Ubuntu Local Security Checks	critical
71020	SuSE 11.2 / 11.3 Security Update : IBM Java 7 (SAT Patch Numbers 8565 / 8566)	Nessus	SuSE Local Security Checks	critical
70967	Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2013:267)	Nessus	Mandriva Local Security Checks	critical
70960	SuSE 11.2 / 11.3 Security Update : IBM Java 6 (SAT Patch Numbers 8549 / 8550)	Nessus	SuSE Local Security Checks	critical
70897	Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-235)	Nessus	Amazon Linux Local Security Checks	critical
70873	SuSE 11.3 Security Update : OpenJDK 7 (SAT Patch Number 8494)	Nessus	SuSE Local Security Checks	critical
70791	RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:1507)	Nessus	Red Hat Local Security Checks	critical
70576	Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20131022)	Nessus	Scientific Linux Local Security Checks	critical
70571	CentOS 6 : java-1.7.0-openjdk (CESA-2013:1451)	Nessus	CentOS Local Security Checks	critical
70554	RHEL 6 : java-1.7.0-openjdk (RHSA-2013:1451)	Nessus	Red Hat Local Security Checks	critical
70551	Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2013-1451)	Nessus	Oracle Linux Local Security Checks	critical
70547	CentOS 5 : java-1.7.0-openjdk (CESA-2013:1447)	Nessus	CentOS Local Security Checks	critical
70537	Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20131021)	Nessus	Scientific Linux Local Security Checks	critical
70536	RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)	Nessus	Red Hat Local Security Checks	critical
70535	Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2013-1447)	Nessus	Oracle Linux Local Security Checks	critical
70488	RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:1440)	Nessus	Red Hat Local Security Checks	critical
70473	Oracle Java SE Multiple Vulnerabilities (October 2013 CPU) (Unix)	Nessus	Misc.	critical
70472	Oracle Java SE Multiple Vulnerabilities (October 2013 CPU)	Nessus	Windows	critical