CVE-2013-5458
First published: Tue Nov 05 2013(Updated: )
An unspecified Java sandbox bypass issue in the XML component was fixed in IBM JDK 7 SR6. This issue got the following CVSSv2 score upstream: 9.3/AV:N/AC:M/Au:N/C:C/I:C/A:C <a href="https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013">https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013</a> <a href="https://www.ibm.com/developerworks/java/jdk/aix/j732/Java7.fixes.html#SR6">https://www.ibm.com/developerworks/java/jdk/aix/j732/Java7.fixes.html#SR6</a> Further info is available in this WebSphere Real Time security bulletin: <a href="http://www-01.ibm.com/support/docview.wss?uid=swg21655202&myns=swgws&mynp=OCSSSTCZ&mync=R">http://www-01.ibm.com/support/docview.wss?uid=swg21655202&myns=swgws&mynp=OCSSSTCZ&mync=R</a> <a href="https://access.redhat.com/security/cve/CVE-2013-5456">CVE-2013-5456</a>, <a href="https://access.redhat.com/security/cve/CVE-2013-5457">CVE-2013-5457</a> and <a href="https://access.redhat.com/security/cve/CVE-2013-5458">CVE-2013-5458</a> allow code running under a security manager to escalate its privileges by modifying or removing the security manager. Additional details may become available under this X-Force database article: <a href="http://xforce.iss.net/xforce/xfdb/88257">http://xforce.iss.net/xforce/xfdb/88257</a>
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/java | <1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el5_10 | 1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el5_10 |
| redhat/java | <1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el6_4 | 1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el6_4 |
| IBM Java | =7.0.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
- http://rhn.redhat.com/errata/RHSA-2013-1507.html
- http://secunia.com/advisories/56338
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV51328
- http://www-01.ibm.com/support/docview.wss?uid=swg21655201
- http://www-01.ibm.com/support/docview.wss?uid=swg21655202
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88257
- https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013
- https://www.ibm.com/developerworks/java/jdk/aix/j732/Java7.fixes.html#SR6
- http://www-01.ibm.com/support/docview.wss?uid=swg21655202&myns=swgws&mynp=OCSSSTCZ&mync=R
- https://access.redhat.com/security/cve/CVE-2013-5456
- https://access.redhat.com/security/cve/CVE-2013-5457
- https://access.redhat.com/security/cve/CVE-2013-5458
- http://xforce.iss.net/xforce/xfdb/88257
- https://rhn.redhat.com/errata/RHSA-2013-1507.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1027754
- https://www.cve.org/CVERecord?id=CVE-2013-5458 https://nvd.nist.gov/vuln/detail/CVE-2013-5458
- https://access.redhat.com/errata/RHSA-2013:1507
- collector/redhat-bugzilla
- alias/CVE-2013-5458
- collector/redhat-cve
- collector/nvd-index
- agent/severity
- agent/author
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- agent/references
- agent/type
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/ibm
- canonical/ibm java
- version/ibm java/7.0.0.0