CVE-2013-5838

HIGH

Description

Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

References

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html

http://marc.info/?l=bugtraq&m=138674073720143&w=2

http://osvdb.org/98536

http://rhn.redhat.com/errata/RHSA-2013-1440.html

http://rhn.redhat.com/errata/RHSA-2013-1447.html

http://rhn.redhat.com/errata/RHSA-2013-1451.html

http://rhn.redhat.com/errata/RHSA-2013-1507.html

http://secunia.com/advisories/56338

http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

http://www.securityfocus.com/bid/63131

http://www-01.ibm.com/support/docview.wss?uid=swg21655201

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19141

Details

Source: MITRE

Published: 2013-10-16

Updated: 2017-09-19

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update21:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:*:update25:*:*:*:*:*:* versions up to 1.7.0 (inclusive)

cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update21:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:*:update25:*:*:*:*:*:* versions up to 1.7.0 (inclusive)

cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*

Tenable Plugins

View all (20 total)

ID	Name	Product	Family	Severity
73970	IBM Notes 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities	Nessus	Windows	critical
73969	IBM Domino 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	critical
73968	IBM Domino 9.x < 9.0.1 Fix Pack 1 Multiple Vulnerabilities (uncredentialed check)	Nessus	Misc.	critical
72139	GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)	Nessus	Gentoo Local Security Checks	critical
71020	SuSE 11.2 / 11.3 Security Update : IBM Java 7 (SAT Patch Numbers 8565 / 8566)	Nessus	SuSE Local Security Checks	critical
70967	Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2013:267)	Nessus	Mandriva Local Security Checks	critical
70960	SuSE 11.2 / 11.3 Security Update : IBM Java 6 (SAT Patch Numbers 8549 / 8550)	Nessus	SuSE Local Security Checks	critical
70897	Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-235)	Nessus	Amazon Linux Local Security Checks	critical
70791	RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:1507)	Nessus	Red Hat Local Security Checks	critical
70576	Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20131022)	Nessus	Scientific Linux Local Security Checks	critical
70571	CentOS 6 : java-1.7.0-openjdk (CESA-2013:1451)	Nessus	CentOS Local Security Checks	critical
70554	RHEL 6 : java-1.7.0-openjdk (RHSA-2013:1451)	Nessus	Red Hat Local Security Checks	critical
70551	Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2013-1451)	Nessus	Oracle Linux Local Security Checks	critical
70547	CentOS 5 : java-1.7.0-openjdk (CESA-2013:1447)	Nessus	CentOS Local Security Checks	critical
70537	Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20131021)	Nessus	Scientific Linux Local Security Checks	critical
70536	RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)	Nessus	Red Hat Local Security Checks	critical
70535	Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2013-1447)	Nessus	Oracle Linux Local Security Checks	critical
70488	RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:1440)	Nessus	Red Hat Local Security Checks	critical
70473	Oracle Java SE Multiple Vulnerabilities (October 2013 CPU) (Unix)	Nessus	Misc.	critical
70472	Oracle Java SE Multiple Vulnerabilities (October 2013 CPU)	Nessus	Windows	critical