CVE-2013-5878

EUVD-2013-5712
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.  NOTE: the previous information is from the January 2014 CPU.  Oracle has not commented on third-party claims that the Security component does not properly handle null XML namespace (xmlns) attributes during XML document canonicalization, which allows attackers to escape the sandbox.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
oraclejdk
1.6.0
oraclejre
1.6.0
oraclejre
1.7.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openjdk-6
lucid
Fixed 6b30-1.13.1-1ubuntu2~0.10.04.1
released
precise
Fixed 6b30-1.13.1-1ubuntu2~0.12.04.1
released
quantal
Fixed 6b30-1.13.1-1ubuntu2~0.12.10.1
released
raring
ignored
saucy
Fixed 6b30-1.13.1-1ubuntu2~0.13.10.1
released
openjdk-7
lucid
dne
precise
Fixed 7u51-2.4.4-0ubuntu0.12.04.2
released
quantal
Fixed 7u51-2.4.4-0ubuntu0.12.10.2
released
raring
Fixed 7u51-2.4.4-0ubuntu0.13.04.2
released
saucy
Fixed 7u51-2.4.4-0ubuntu0.13.10.1
released
References
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html
http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html
http://marc.info/?l=bugtraq&m=139402697611681&w=2
http://marc.info/?l=bugtraq&m=139402749111889&w=2
http://osvdb.org/102005
http://rhn.redhat.com/errata/RHSA-2014-0026.html
http://rhn.redhat.com/errata/RHSA-2014-0027.html
http://rhn.redhat.com/errata/RHSA-2014-0030.html
http://rhn.redhat.com/errata/RHSA-2014-0097.html
http://rhn.redhat.com/errata/RHSA-2014-0134.html
http://rhn.redhat.com/errata/RHSA-2014-0135.html
http://secunia.com/advisories/56432
http://secunia.com/advisories/56485
http://secunia.com/advisories/56486
http://secunia.com/advisories/56535
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.securityfocus.com/bid/64758
http://www.securityfocus.com/bid/64927
http://www.securitytracker.com/id/1029608
http://www.ubuntu.com/usn/USN-2089-1
http://www.ubuntu.com/usn/USN-2124-1
https://access.redhat.com/errata/RHSA-2014:0414
https://bugzilla.redhat.com/show_bug.cgi?id=1051823
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html
http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html
http://marc.info/?l=bugtraq&m=139402697611681&w=2
http://marc.info/?l=bugtraq&m=139402749111889&w=2
http://osvdb.org/102005
http://rhn.redhat.com/errata/RHSA-2014-0026.html
http://rhn.redhat.com/errata/RHSA-2014-0027.html
http://rhn.redhat.com/errata/RHSA-2014-0030.html
http://rhn.redhat.com/errata/RHSA-2014-0097.html
http://rhn.redhat.com/errata/RHSA-2014-0134.html
http://rhn.redhat.com/errata/RHSA-2014-0135.html
http://secunia.com/advisories/56432
http://secunia.com/advisories/56485
http://secunia.com/advisories/56486
http://secunia.com/advisories/56535
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.securityfocus.com/bid/64758
http://www.securityfocus.com/bid/64927
http://www.securitytracker.com/id/1029608
http://www.ubuntu.com/usn/USN-2089-1
http://www.ubuntu.com/usn/USN-2124-1
https://access.redhat.com/errata/RHSA-2014:0414
https://bugzilla.redhat.com/show_bug.cgi?id=1051823
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777