CVE-2013-5820
First published: Mon Oct 14 2013(Updated: )
It was discovered that the JAXWS component of OpenJDK failed to perform security checks properly. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions because of insufficient checks when invoking object methods, or because of insufficient object type checks.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/icedtea | <2.4.3 | 2.4.3 |
| redhat/icedtea | <1.11.14 | 1.11.14 |
| redhat/icedtea | <1.12.7 | 1.12.7 |
| Oracle OpenJDK 1.8.0 | <=1.7.0 | |
| Oracle OpenJDK 1.8.0 | =1.7.0 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update1 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update10 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update11 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update13 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update15 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update17 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update2 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update21 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update25 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update3 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update4 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update5 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update6 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update7 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update9 | |
| Oracle OpenJDK 1.8.0 | <=1.6.0 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update22 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update23 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update24 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update25 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update26 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update27 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update29 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update30 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update31 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update32 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update33 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update34 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update35 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update37 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update38 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update39 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update41 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update43 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update45 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update51 | |
| Java Development Kit (JDK) | =1.6.0 | |
| Java Development Kit (JDK) | =1.6.0-update_10 | |
| Java Development Kit (JDK) | =1.6.0-update_11 | |
| Java Development Kit (JDK) | =1.6.0-update_12 | |
| Java Development Kit (JDK) | =1.6.0-update_13 | |
| Java Development Kit (JDK) | =1.6.0-update_14 | |
| Java Development Kit (JDK) | =1.6.0-update_15 | |
| Java Development Kit (JDK) | =1.6.0-update_16 | |
| Java Development Kit (JDK) | =1.6.0-update_17 | |
| Java Development Kit (JDK) | =1.6.0-update_18 | |
| Java Development Kit (JDK) | =1.6.0-update_19 | |
| Java Development Kit (JDK) | =1.6.0-update_20 | |
| Java Development Kit (JDK) | =1.6.0-update_21 | |
| Java Development Kit (JDK) | =1.6.0-update_3 | |
| Java Development Kit (JDK) | =1.6.0-update_4 | |
| Java Development Kit (JDK) | =1.6.0-update_5 | |
| Java Development Kit (JDK) | =1.6.0-update_6 | |
| Java Development Kit (JDK) | =1.6.0-update_7 | |
| Java Development Kit (JDK) | =1.6.0-update1 | |
| Java Development Kit (JDK) | =1.6.0-update1_b06 | |
| Java Development Kit (JDK) | =1.6.0-update2 | |
| Oracle JRE | <=1.7.0 | |
| Oracle JRE | =1.7.0 | |
| Oracle JRE | =1.7.0-update1 | |
| Oracle JRE | =1.7.0-update10 | |
| Oracle JRE | =1.7.0-update11 | |
| Oracle JRE | =1.7.0-update13 | |
| Oracle JRE | =1.7.0-update15 | |
| Oracle JRE | =1.7.0-update17 | |
| Oracle JRE | =1.7.0-update2 | |
| Oracle JRE | =1.7.0-update21 | |
| Oracle JRE | =1.7.0-update25 | |
| Oracle JRE | =1.7.0-update3 | |
| Oracle JRE | =1.7.0-update4 | |
| Oracle JRE | =1.7.0-update5 | |
| Oracle JRE | =1.7.0-update6 | |
| Oracle JRE | =1.7.0-update7 | |
| Oracle JRE | =1.7.0-update9 | |
| Oracle JRE | <=1.6.0 | |
| Oracle JRE | =1.6.0-update22 | |
| Oracle JRE | =1.6.0-update23 | |
| Oracle JRE | =1.6.0-update24 | |
| Oracle JRE | =1.6.0-update25 | |
| Oracle JRE | =1.6.0-update26 | |
| Oracle JRE | =1.6.0-update27 | |
| Oracle JRE | =1.6.0-update29 | |
| Oracle JRE | =1.6.0-update30 | |
| Oracle JRE | =1.6.0-update31 | |
| Oracle JRE | =1.6.0-update32 | |
| Oracle JRE | =1.6.0-update33 | |
| Oracle JRE | =1.6.0-update34 | |
| Oracle JRE | =1.6.0-update35 | |
| Oracle JRE | =1.6.0-update37 | |
| Oracle JRE | =1.6.0-update38 | |
| Oracle JRE | =1.6.0-update39 | |
| Oracle JRE | =1.6.0-update41 | |
| Oracle JRE | =1.6.0-update43 | |
| Oracle JRE | =1.6.0-update45 | |
| Oracle JRE | =1.6.0-update51 | |
| Sun Java Runtime Environment (JRE) | =1.6.0 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_1 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_10 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_11 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_12 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_13 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_14 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_15 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_16 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_17 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_18 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_19 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_2 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_20 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_21 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_3 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_4 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_5 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_6 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_7 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
- http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html
- http://marc.info/?l=bugtraq&m=138674031212883&w=2
- http://marc.info/?l=bugtraq&m=138674073720143&w=2
- http://rhn.redhat.com/errata/RHSA-2013-1440.html
- http://rhn.redhat.com/errata/RHSA-2013-1447.html
- http://rhn.redhat.com/errata/RHSA-2013-1451.html
- http://rhn.redhat.com/errata/RHSA-2013-1505.html
- http://rhn.redhat.com/errata/RHSA-2013-1507.html
- http://rhn.redhat.com/errata/RHSA-2013-1508.html
- http://rhn.redhat.com/errata/RHSA-2013-1793.html
- http://secunia.com/advisories/56338
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://support.apple.com/kb/HT5982
- http://www-01.ibm.com/support/docview.wss?uid=swg21655201
- http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
- http://www.securityfocus.com/bid/63133
- http://www.ubuntu.com/usn/USN-2033-1
- http://www.ubuntu.com/usn/USN-2089-1
- https://access.redhat.com/errata/RHSA-2014:0414
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19206
- http://hg.openjdk.java.net/jdk7u/jdk7u/jaxws/rev/76e34b113c91
- https://rhn.redhat.com/errata/RHSA-2013-1440.html
- https://rhn.redhat.com/errata/RHSA-2013-1447.html
- https://rhn.redhat.com/errata/RHSA-2013-1451.html
- https://rhn.redhat.com/errata/RHSA-2013-1505.html
- https://rhn.redhat.com/errata/RHSA-2013-1508.html
- https://rhn.redhat.com/errata/RHSA-2013-1507.html
- https://rhn.redhat.com/errata/RHSA-2013-1793.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-October/025087.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-November/025278.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-November/025328.html
- https://rhn.redhat.com/errata/RHSA-2014-0414.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1018972
Frequently Asked Questions
What is the severity of CVE-2013-5820?
CVE-2013-5820 has been classified with a medium severity rating due to the potential for untrusted Java applications to bypass security checks.
How do I fix CVE-2013-5820?
To fix CVE-2013-5820, you should update OpenJDK to versions 2.4.3 or later for the IcedTea package, or upgrade to the latest versions of Oracle JDK and JRE.
Which software is affected by CVE-2013-5820?
CVE-2013-5820 affects multiple versions of OpenJDK, Oracle JDK, and Oracle JRE including specific updates of IcedTea up to version 2.4.3.
What are the potential impacts of CVE-2013-5820?
The potential impact of CVE-2013-5820 includes unauthorized access to restricted resources within Java applications due to insufficient sandbox protection.
Is CVE-2013-5820 associated with any specific Java versions?
Yes, CVE-2013-5820 affects various versions of Oracle JDK, particularly 1.6.0 and 1.7.0, up to update 45.
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-5820
- agent/software-canonical-lookup
- agent/severity
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/oracle
- canonical/oracle openjdk 1.8.0
- version/oracle openjdk 1.8.0/1.7.0
- version/oracle openjdk 1.8.0/1.7.0-update1
- version/oracle openjdk 1.8.0/1.7.0-update10
- version/oracle openjdk 1.8.0/1.7.0-update11
- version/oracle openjdk 1.8.0/1.7.0-update13
- version/oracle openjdk 1.8.0/1.7.0-update15
- version/oracle openjdk 1.8.0/1.7.0-update17
- version/oracle openjdk 1.8.0/1.7.0-update2
- version/oracle openjdk 1.8.0/1.7.0-update21
- version/oracle openjdk 1.8.0/1.7.0-update25
- version/oracle openjdk 1.8.0/1.7.0-update3
- version/oracle openjdk 1.8.0/1.7.0-update4
- version/oracle openjdk 1.8.0/1.7.0-update5
- version/oracle openjdk 1.8.0/1.7.0-update6
- version/oracle openjdk 1.8.0/1.7.0-update7
- version/oracle openjdk 1.8.0/1.7.0-update9
- version/oracle openjdk 1.8.0/1.6.0
- version/oracle openjdk 1.8.0/1.6.0-update22
- version/oracle openjdk 1.8.0/1.6.0-update23
- version/oracle openjdk 1.8.0/1.6.0-update24
- version/oracle openjdk 1.8.0/1.6.0-update25
- version/oracle openjdk 1.8.0/1.6.0-update26
- version/oracle openjdk 1.8.0/1.6.0-update27
- version/oracle openjdk 1.8.0/1.6.0-update29
- version/oracle openjdk 1.8.0/1.6.0-update30
- version/oracle openjdk 1.8.0/1.6.0-update31
- version/oracle openjdk 1.8.0/1.6.0-update32
- version/oracle openjdk 1.8.0/1.6.0-update33
- version/oracle openjdk 1.8.0/1.6.0-update34
- version/oracle openjdk 1.8.0/1.6.0-update35
- version/oracle openjdk 1.8.0/1.6.0-update37
- version/oracle openjdk 1.8.0/1.6.0-update38
- version/oracle openjdk 1.8.0/1.6.0-update39
- version/oracle openjdk 1.8.0/1.6.0-update41
- version/oracle openjdk 1.8.0/1.6.0-update43
- version/oracle openjdk 1.8.0/1.6.0-update45
- version/oracle openjdk 1.8.0/1.6.0-update51
- vendor/sun
- canonical/java development kit (jdk)
- version/java development kit (jdk)/1.6.0
- version/java development kit (jdk)/1.6.0-update_10
- version/java development kit (jdk)/1.6.0-update_11
- version/java development kit (jdk)/1.6.0-update_12
- version/java development kit (jdk)/1.6.0-update_13
- version/java development kit (jdk)/1.6.0-update_14
- version/java development kit (jdk)/1.6.0-update_15
- version/java development kit (jdk)/1.6.0-update_16
- version/java development kit (jdk)/1.6.0-update_17
- version/java development kit (jdk)/1.6.0-update_18
- version/java development kit (jdk)/1.6.0-update_19
- version/java development kit (jdk)/1.6.0-update_20
- version/java development kit (jdk)/1.6.0-update_21
- version/java development kit (jdk)/1.6.0-update_3
- version/java development kit (jdk)/1.6.0-update_4
- version/java development kit (jdk)/1.6.0-update_5
- version/java development kit (jdk)/1.6.0-update_6
- version/java development kit (jdk)/1.6.0-update_7
- version/java development kit (jdk)/1.6.0-update1
- version/java development kit (jdk)/1.6.0-update1_b06
- version/java development kit (jdk)/1.6.0-update2
- canonical/oracle jre
- version/oracle jre/1.7.0
- version/oracle jre/1.7.0-update1
- version/oracle jre/1.7.0-update10
- version/oracle jre/1.7.0-update11
- version/oracle jre/1.7.0-update13
- version/oracle jre/1.7.0-update15
- version/oracle jre/1.7.0-update17
- version/oracle jre/1.7.0-update2
- version/oracle jre/1.7.0-update21
- version/oracle jre/1.7.0-update25
- version/oracle jre/1.7.0-update3
- version/oracle jre/1.7.0-update4
- version/oracle jre/1.7.0-update5
- version/oracle jre/1.7.0-update6
- version/oracle jre/1.7.0-update7
- version/oracle jre/1.7.0-update9
- version/oracle jre/1.6.0
- version/oracle jre/1.6.0-update22
- version/oracle jre/1.6.0-update23
- version/oracle jre/1.6.0-update24
- version/oracle jre/1.6.0-update25
- version/oracle jre/1.6.0-update26
- version/oracle jre/1.6.0-update27
- version/oracle jre/1.6.0-update29
- version/oracle jre/1.6.0-update30
- version/oracle jre/1.6.0-update31
- version/oracle jre/1.6.0-update32
- version/oracle jre/1.6.0-update33
- version/oracle jre/1.6.0-update34
- version/oracle jre/1.6.0-update35
- version/oracle jre/1.6.0-update37
- version/oracle jre/1.6.0-update38
- version/oracle jre/1.6.0-update39
- version/oracle jre/1.6.0-update41
- version/oracle jre/1.6.0-update43
- version/oracle jre/1.6.0-update45
- version/oracle jre/1.6.0-update51
- canonical/sun java runtime environment (jre)
- version/sun java runtime environment (jre)/1.6.0
- version/sun java runtime environment (jre)/1.6.0-update_1
- version/sun java runtime environment (jre)/1.6.0-update_10
- version/sun java runtime environment (jre)/1.6.0-update_11
- version/sun java runtime environment (jre)/1.6.0-update_12
- version/sun java runtime environment (jre)/1.6.0-update_13
- version/sun java runtime environment (jre)/1.6.0-update_14
- version/sun java runtime environment (jre)/1.6.0-update_15
- version/sun java runtime environment (jre)/1.6.0-update_16
- version/sun java runtime environment (jre)/1.6.0-update_17
- version/sun java runtime environment (jre)/1.6.0-update_18
- version/sun java runtime environment (jre)/1.6.0-update_19
- version/sun java runtime environment (jre)/1.6.0-update_2
- version/sun java runtime environment (jre)/1.6.0-update_20
- version/sun java runtime environment (jre)/1.6.0-update_21
- version/sun java runtime environment (jre)/1.6.0-update_3
- version/sun java runtime environment (jre)/1.6.0-update_4
- version/sun java runtime environment (jre)/1.6.0-update_5
- version/sun java runtime environment (jre)/1.6.0-update_6
- version/sun java runtime environment (jre)/1.6.0-update_7
- version/sun java runtime environment (jre)/1.6.0-update_9