CVE-2013-1518

Oracle Java SE <7.17,6.43,5.41 - Info Disclosure

Title source: llm

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions."

References (25)

Core 25

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2013-0758.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2013-0757.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2013-0752.html

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2013:145

Vendor Advisory vendor-advisory x_refsource_hp

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-201406-32.xml

Various Sources mailing-list x_refsource_mlist

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/ncas/alerts/TA13-107A

Various Sources x_refsource_confirm

http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/

Mailing List vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=137283787217316&w=2

Third Party Advisory x_refsource_confirm

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19451

Third Party Advisory x_refsource_confirm

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2013:161

Various Sources x_refsource_confirm

http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jaxp/rev/38d4d23d167c

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1806-1

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16702

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/59141

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=952646

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19705

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

Various Sources x_refsource_confirm

http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/

Scores

EPSS 0.0677

EPSS Percentile 91.4%

Details

Status published

Products (8)

oracle/jdk 1.7.0 (13 CPE variants)

oracle/jdk 1.6.0 update22 (17 CPE variants)

oracle/jdk 1.5.0 update36 (3 CPE variants)

oracle/jdk < 1.5.0

oracle/jdk < 1.6.0

oracle/jdk < 1.7.0

oracle/jre 1.7.0 (13 CPE variants)

oracle/jre 1.6.0 update22

Published Apr 17, 2013

Tracked Since Feb 18, 2026