medium
4.3
Advisory Published
CVE Published
Updated

CVE-2013-5784

First published: Mon Oct 14 2013(Updated: )

It was discovered that InterfaceImplementor class in the Scripting component of OpenJDK failed to perform security checks properly. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions because of insufficient checks of interface access level modifiers, package restrictions, or instance class loader. The fix also marks the com.sun.script. package restricted by adding it to the package.access properly list in the java.security file.

Credit: secalert_us@oracle.com

Affected SoftwareAffected VersionHow to fix
redhat/icedtea<2.4.3
2.4.3
redhat/icedtea<1.11.14
1.11.14
redhat/icedtea<1.12.7
1.12.7
Oracle Java SE JDK and JRE<=1.7.0
Oracle Java SE JDK and JRE=1.7.0
Oracle Java SE JDK and JRE=1.7.0-update1
Oracle Java SE JDK and JRE=1.7.0-update10
Oracle Java SE JDK and JRE=1.7.0-update11
Oracle Java SE JDK and JRE=1.7.0-update13
Oracle Java SE JDK and JRE=1.7.0-update15
Oracle Java SE JDK and JRE=1.7.0-update17
Oracle Java SE JDK and JRE=1.7.0-update2
Oracle Java SE JDK and JRE=1.7.0-update21
Oracle Java SE JDK and JRE=1.7.0-update25
Oracle Java SE JDK and JRE=1.7.0-update3
Oracle Java SE JDK and JRE=1.7.0-update4
Oracle Java SE JDK and JRE=1.7.0-update5
Oracle Java SE JDK and JRE=1.7.0-update6
Oracle Java SE JDK and JRE=1.7.0-update7
Oracle Java SE JDK and JRE=1.7.0-update9
Oracle Java SE JDK and JRE<=1.6.0
Oracle Java SE JDK and JRE=1.6.0-update22
Oracle Java SE JDK and JRE=1.6.0-update23
Oracle Java SE JDK and JRE=1.6.0-update24
Oracle Java SE JDK and JRE=1.6.0-update25
Oracle Java SE JDK and JRE=1.6.0-update26
Oracle Java SE JDK and JRE=1.6.0-update27
Oracle Java SE JDK and JRE=1.6.0-update29
Oracle Java SE JDK and JRE=1.6.0-update30
Oracle Java SE JDK and JRE=1.6.0-update31
Oracle Java SE JDK and JRE=1.6.0-update32
Oracle Java SE JDK and JRE=1.6.0-update33
Oracle Java SE JDK and JRE=1.6.0-update34
Oracle Java SE JDK and JRE=1.6.0-update35
Oracle Java SE JDK and JRE=1.6.0-update37
Oracle Java SE JDK and JRE=1.6.0-update38
Oracle Java SE JDK and JRE=1.6.0-update39
Oracle Java SE JDK and JRE=1.6.0-update41
Oracle Java SE JDK and JRE=1.6.0-update43
Oracle Java SE JDK and JRE=1.6.0-update45
Oracle Java SE JDK and JRE=1.6.0-update51
Sun Java Runtime Environment (JRE)=1.6.0
Sun Java Runtime Environment (JRE)=1.6.0-update_1
Sun Java Runtime Environment (JRE)=1.6.0-update_10
Sun Java Runtime Environment (JRE)=1.6.0-update_11
Sun Java Runtime Environment (JRE)=1.6.0-update_12
Sun Java Runtime Environment (JRE)=1.6.0-update_13
Sun Java Runtime Environment (JRE)=1.6.0-update_14
Sun Java Runtime Environment (JRE)=1.6.0-update_15
Sun Java Runtime Environment (JRE)=1.6.0-update_16
Sun Java Runtime Environment (JRE)=1.6.0-update_17
Sun Java Runtime Environment (JRE)=1.6.0-update_18
Sun Java Runtime Environment (JRE)=1.6.0-update_19
Sun Java Runtime Environment (JRE)=1.6.0-update_2
Sun Java Runtime Environment (JRE)=1.6.0-update_20
Sun Java Runtime Environment (JRE)=1.6.0-update_21
Sun Java Runtime Environment (JRE)=1.6.0-update_3
Sun Java Runtime Environment (JRE)=1.6.0-update_4
Sun Java Runtime Environment (JRE)=1.6.0-update_5
Sun Java Runtime Environment (JRE)=1.6.0-update_6
Sun Java Runtime Environment (JRE)=1.6.0-update_7
Sun Java Runtime Environment (JRE)=1.6.0-update_9
Oracle JDK<=1.7.0
Oracle JDK=1.7.0
Oracle JDK=1.7.0-update1
Oracle JDK=1.7.0-update10
Oracle JDK=1.7.0-update11
Oracle JDK=1.7.0-update13
Oracle JDK=1.7.0-update15
Oracle JDK=1.7.0-update17
Oracle JDK=1.7.0-update2
Oracle JDK=1.7.0-update21
Oracle JDK=1.7.0-update25
Oracle JDK=1.7.0-update3
Oracle JDK=1.7.0-update4
Oracle JDK=1.7.0-update5
Oracle JDK=1.7.0-update6
Oracle JDK=1.7.0-update7
Oracle JDK=1.7.0-update9
Oracle JDK<=1.6.0
Oracle JDK=1.6.0-update22
Oracle JDK=1.6.0-update23
Oracle JDK=1.6.0-update24
Oracle JDK=1.6.0-update25
Oracle JDK=1.6.0-update26
Oracle JDK=1.6.0-update27
Oracle JDK=1.6.0-update29
Oracle JDK=1.6.0-update30
Oracle JDK=1.6.0-update31
Oracle JDK=1.6.0-update32
Oracle JDK=1.6.0-update33
Oracle JDK=1.6.0-update34
Oracle JDK=1.6.0-update35
Oracle JDK=1.6.0-update37
Oracle JDK=1.6.0-update38
Oracle JDK=1.6.0-update39
Oracle JDK=1.6.0-update41
Oracle JDK=1.6.0-update43
Oracle JDK=1.6.0-update45
Oracle JDK=1.6.0-update51
Java Development Kit (JDK)=1.6.0
Java Development Kit (JDK)=1.6.0-update_10
Java Development Kit (JDK)=1.6.0-update_11
Java Development Kit (JDK)=1.6.0-update_12
Java Development Kit (JDK)=1.6.0-update_13
Java Development Kit (JDK)=1.6.0-update_14
Java Development Kit (JDK)=1.6.0-update_15
Java Development Kit (JDK)=1.6.0-update_16
Java Development Kit (JDK)=1.6.0-update_17
Java Development Kit (JDK)=1.6.0-update_18
Java Development Kit (JDK)=1.6.0-update_19
Java Development Kit (JDK)=1.6.0-update_20
Java Development Kit (JDK)=1.6.0-update_21
Java Development Kit (JDK)=1.6.0-update_3
Java Development Kit (JDK)=1.6.0-update_4
Java Development Kit (JDK)=1.6.0-update_5
Java Development Kit (JDK)=1.6.0-update_6
Java Development Kit (JDK)=1.6.0-update_7
Java Development Kit (JDK)=1.6.0-update1
Java Development Kit (JDK)=1.6.0-update1_b06
Java Development Kit (JDK)=1.6.0-update2

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2013-5784?

    CVE-2013-5784 is classified as a high severity vulnerability due to its potential to bypass Java sandbox restrictions.

  • How do I fix CVE-2013-5784?

    To fix CVE-2013-5784, update to the latest version of the affected Java Runtime Environment or Development Kit.

  • Which software is affected by CVE-2013-5784?

    CVE-2013-5784 affects various versions of Oracle JRE and JDK, as well as specific versions of the IcedTea package.

  • Can CVE-2013-5784 be exploited remotely?

    Yes, CVE-2013-5784 can be exploited remotely by malicious Java applications or applets.

  • What are the potential impacts of CVE-2013-5784?

    The potential impacts of CVE-2013-5784 include unauthorized access to restricted system resources.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203