Vulnerabilities > CVE-2013-5806 - Unspecified vulnerability in Oracle JDK and JRE
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE-2013-5805.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 36 |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_7_0-OPENJDK-131104.NASL description This release updates our OpenJDK 7 support in the 2.4.x series with a number of security fixes and synchronises it with upstream development. The security issues fixed (a long list) can be found in the following link : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-October/025 087.html last seen 2020-06-05 modified 2013-11-13 plugin id 70873 published 2013-11-13 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70873 title SuSE 11.3 Security Update : OpenJDK 7 (SAT Patch Number 8494) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2089-1.NASL description Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783, CVE-2013-5804, CVE-2014-0411) Several vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825, CVE-2013-5896, CVE-2013-5910) Several vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2013-5772, CVE-2013-5774, CVE-2013-5784, CVE-2013-5797, CVE-2013-5820, CVE-2014-0376, CVE-2014-0416) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-5778, CVE-2013-5780, CVE-2013-5790, CVE-2013-5800, CVE-2013-5840, CVE-2013-5849, CVE-2013-5851, CVE-2013-5884, CVE-2014-0368) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2013-5782, CVE-2013-5802, CVE-2013-5809, CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5830, CVE-2013-5842, CVE-2013-5850, CVE-2013-5878, CVE-2013-5893, CVE-2013-5907, CVE-2014-0373, CVE-2014-0408, CVE-2014-0422, CVE-2014-0428) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and availability. An attacker could exploit this to expose sensitive data over the network or cause a denial of service. (CVE-2014-0423). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2014-01-24 plugin id 72117 published 2014-01-24 reporter Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72117 title Ubuntu 12.10 / 13.04 / 13.10 : openjdk-7 vulnerabilities (USN-2089-1) NASL family Windows NASL id ORACLE_JAVA_CPU_OCT_2013.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 45, 6 Update 65, or 5 Update 55. It is, therefore, potentially affected by security issues in the following components : - 2D - AWT - BEANS - CORBA - Deployment - JAX-WS - JAXP - JGSS - jhat - JNDI - JavaFX - Javadoc - Libraries - SCRIPTING - Security - Swing last seen 2020-06-01 modified 2020-06-02 plugin id 70472 published 2013-10-17 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70472 title Oracle Java SE Multiple Vulnerabilities (October 2013 CPU) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201401-30.NASL description The remote host is affected by the vulnerability described in GLSA-201401-30 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 72139 published 2014-01-27 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72139 title GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-847.NASL description Update to icedtea 2.4.3 (bnc#846999) synchronized OpenJDK 7 support with the upstream u45 b31 fixes the following issues : - S8006900, CVE-2013-3829: Add new date/time capability - S8008589: Better MBean permission validation - S8011071, CVE-2013-5780: Better crypto provider handling - S8011081, CVE-2013-5772: Improve jhat - S8011157, CVE-2013-5814: Improve CORBA portablility - S8012071, CVE-2013-5790: Better Building of Beans - S8012147: Improve tool support - S8012277: CVE-2013-5849: Improve AWT DataFlavor - S8012425, CVE-2013-5802: Transform TransformerFactory - S8013503, CVE-2013-5851: Improve stream factories - S8013506: Better Pack200 data handling - S8013510, CVE-2013-5809: Augment image writing code - S8013514: Improve stability of cmap class - S8013739, CVE-2013-5817: Better LDAP resource management - S8013744, CVE-2013-5783: Better tabling for AWT - S8014085: Better serialization support in JMX classes - S8014093, CVE-2013-5782: Improve parsing of images - S8014098: Better profile validation - S8014102, CVE-2013-5778: Improve image conversion - S8014341, CVE-2013-5803: Better service from Kerberos servers - S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in some class loader configurations - S8014530, CVE-2013-5825: Better digital signature processing - S8014534: Better profiling support - S8014987, CVE-2013-5842: Augment serialization handling - S8015614: Update build settings - S8015731: Subject java.security.auth.subject to improvements - S8015743, CVE-2013-5774: Address internet addresses - S8016256: Make finalization final - S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters in names - S8016675, CVE-2013-5797: Make Javadoc pages more robust - S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately - S8017287, CVE-2013-5829: Better resource disposal - S8017291, CVE-2013-5830: Cast Proxies Aside - S8017298, CVE-2013-4002: Better XML support - S8017300, CVE-2013-5784: Improve Interface Implementation - S8017505, CVE-2013-5820: Better Client Service - S8019292: Better Attribute Value Exceptions - S8019617: Better view of objects - S8020293: JVM crash - S8021275, CVE-2013-5805: Better screening for ScreenMenu - S8021282, CVE-2013-5806: Better recycling of object instances - S8021286: Improve MacOS resourcing - S8021290, CVE-2013-5823: Better signature validation - S8022931, CVE-2013-5800: Enhance Kerberos exceptions - S8022940: Enhance CORBA translations - S8023683: Enhance class file parsing - Backports - S6614237: missing codepage Cp290 at java runtime - S8005932: Java 7 on mac os x only provides text clipboard formats - S8014046: (process) Runtime.exec(String) fails if command contains spaces [win] - S8015144: Performance regression in ICU OpenType Layout library - S8015965: (process) Typo in name of property to allow ambiguous commands - S8015978: Incorrect transformation of XPath expression last seen 2020-06-05 modified 2014-06-13 plugin id 75196 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75196 title openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:1663-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201406-32.NASL description The remote host is affected by the vulnerability described in GLSA-201406-32 (IcedTea JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 76303 published 2014-06-30 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76303 title GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT) NASL family Misc. NASL id DOMINO_9_0_1_FP1.NASL description According to its version, the IBM Domino (formerly IBM Lotus Domino) on the remote host is 9.x prior to 9.0.1 Fix Pack 1 (FP1). It is, therefore, affected by the following vulnerabilities : - A stack overflow issue exists due to the insecure last seen 2020-06-01 modified 2020-06-02 plugin id 73968 published 2014-05-12 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73968 title IBM Domino 9.x < 9.0.1 Fix Pack 1 Multiple Vulnerabilities (uncredentialed check) NASL family Windows NASL id LOTUS_NOTES_9_0_1_FP1.NASL description The remote host has a version of IBM Notes (formerly Lotus Notes) 8.0.x / 8.5.x / 9.0.x that is bundled with an IBM Java version prior to 1.6 SR15 FP1. It is, therefore, affected by the vulnerabilities mentioned in the Oracle Java Critical Patch Update advisories for October 2013 and January 2014. last seen 2020-06-01 modified 2020-06-02 plugin id 73970 published 2014-05-12 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73970 title IBM Notes 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities NASL family Misc. NASL id ORACLE_JAVA_CPU_OCT_2013_UNIX.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 45, 6 Update 65, or 5 Update 55. It is, therefore, potentially affected by security issues in the following components : - 2D - AWT - BEANS - CORBA - Deployment - JAX-WS - JAXP - JGSS - jhat - JNDI - JavaFX - Javadoc - Libraries - SCRIPTING - Security - Swing last seen 2020-06-01 modified 2020-06-02 plugin id 70473 published 2013-10-17 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70473 title Oracle Java SE Multiple Vulnerabilities (October 2013 CPU) (Unix) NASL family Windows NASL id LOTUS_DOMINO_9_0_1_FP1.NASL description The remote host has a version of IBM Domino (formerly Lotus Domino) 8.0.x / 8.5.x / 9.0.x that is bundled with an IBM Java version prior to 1.6 SR15 FP1. It is, therefore, affected by the vulnerabilities mentioned in the Oracle Java Critical Patch Update advisories for October 2013 and January 2014. last seen 2020-06-01 modified 2020-06-02 plugin id 73969 published 2014-05-12 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73969 title IBM Domino 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities (credentialed check)
Oval
accepted | 2014-02-10T04:00:08.464-05:00 | ||||||||
class | vulnerability | ||||||||
contributors |
| ||||||||
definition_extensions |
| ||||||||
description | Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE-2013-5805. | ||||||||
family | windows | ||||||||
id | oval:org.mitre.oval:def:18501 | ||||||||
status | accepted | ||||||||
submitted | 2013-10-24T16:31:26.748+04:00 | ||||||||
title | Unspecified vulnerability in Oracle Java SE 7u40 and earlier | ||||||||
version | 7 |
References
- http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html
- http://marc.info/?l=bugtraq&m=138674073720143&w=2
- http://www.securityfocus.com/bid/63122
- http://www.ubuntu.com/usn/USN-2089-1
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18501