CVE-2013-5884
First published: Sun Jan 12 2014(Updated: )
It was discovered that the CORBA stub factories did not properly check code permissions. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/icedtea | <2.4.4 | 2.4.4 |
| redhat/icedtea | <2.3.13 | 2.3.13 |
| redhat/icedtea | <1.12.8 | 1.12.8 |
| redhat/icedtea | <1.13.1 | 1.13.1 |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update45 | |
| Oracle JDK 6 | =1.5.0-update55 | |
| Oracle Java Runtime Environment (JRE) | =1.5.0-update55 | |
| Oracle JDK 6 | =1.6.0-update65 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update65 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/b1548473f261
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html
- http://marc.info/?l=bugtraq&m=139402697611681&w=2
- http://marc.info/?l=bugtraq&m=139402749111889&w=2
- http://osvdb.org/102016
- http://rhn.redhat.com/errata/RHSA-2014-0026.html
- http://rhn.redhat.com/errata/RHSA-2014-0027.html
- http://rhn.redhat.com/errata/RHSA-2014-0030.html
- http://rhn.redhat.com/errata/RHSA-2014-0097.html
- http://rhn.redhat.com/errata/RHSA-2014-0134.html
- http://rhn.redhat.com/errata/RHSA-2014-0135.html
- http://secunia.com/advisories/56432
- http://secunia.com/advisories/56485
- http://secunia.com/advisories/56486
- http://secunia.com/advisories/56535
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.securityfocus.com/bid/64758
- http://www.securityfocus.com/bid/64924
- http://www.securitytracker.com/id/1029608
- http://www.ubuntu.com/usn/USN-2089-1
- http://www.ubuntu.com/usn/USN-2124-1
- https://access.redhat.com/errata/RHSA-2014:0414
- https://bugzilla.redhat.com/show_bug.cgi?id=1051911
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90348
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777
- https://rhn.redhat.com/errata/RHSA-2014-0027.html
- https://rhn.redhat.com/errata/RHSA-2014-0026.html
- https://rhn.redhat.com/errata/RHSA-2014-0030.html
- https://rhn.redhat.com/errata/RHSA-2014-0097.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-January/025800.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-January/025947.html
- http://mail.openjdk.java.net/pipermail/jdk6-dev/2014-January/003212.html
- https://rhn.redhat.com/errata/RHSA-2014-0135.html
- https://rhn.redhat.com/errata/RHSA-2014-0134.html
- https://rhn.redhat.com/errata/RHSA-2014-0414.html
- https://rhn.redhat.com/errata/RHSA-2014-0705.html
- https://rhn.redhat.com/errata/RHSA-2014-0982.html
Frequently Asked Questions
What is the severity of CVE-2013-5884?
CVE-2013-5884 has been classified as a medium severity vulnerability due to the potential for untrusted applications to bypass Java sandbox restrictions.
How do I fix CVE-2013-5884?
To fix CVE-2013-5884, update your Java installation to a version that is not affected, specifically versions 1.7.0-update51 or later.
What types of applications are affected by CVE-2013-5884?
CVE-2013-5884 affects untrusted Java applications or applets that utilize CORBA stub factories.
Which versions of Oracle Java are impacted by CVE-2013-5884?
CVE-2013-5884 impacts Oracle Java SE versions 5.0u55, 6u65, and 7u45, as well as Java SE Embedded 7u45.
What can happen if I do not address CVE-2013-5884?
Failure to address CVE-2013-5884 may allow malicious Java applications to execute arbitrary code and compromise the security of the user’s system.
- agent/type
- agent/first-publish-date
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-5884
- agent/software-canonical-lookup
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/oracle
- canonical/oracle java runtime environment (jre)
- version/oracle java runtime environment (jre)/1.7.0-update45
- canonical/oracle jdk 6
- version/oracle jdk 6/1.5.0-update55
- version/oracle java runtime environment (jre)/1.5.0-update55
- version/oracle jdk 6/1.6.0-update65
- version/oracle java runtime environment (jre)/1.6.0-update65