CVE-2013-5893
First published: Fri Jan 10 2014(Updated: )
It was discovered that the HotSpot JVM in OpenJDK did not properly handle methods in MethodHandles. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/icedtea | <2.4.4 | 2.4.4 |
| Oracle JDK 6 | =1.7.0-update45 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update45 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/839100e42498
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html
- http://marc.info/?l=bugtraq&m=139402697611681&w=2
- http://osvdb.org/102000
- http://rhn.redhat.com/errata/RHSA-2014-0026.html
- http://rhn.redhat.com/errata/RHSA-2014-0027.html
- http://rhn.redhat.com/errata/RHSA-2014-0030.html
- http://secunia.com/advisories/56432
- http://secunia.com/advisories/56485
- http://secunia.com/advisories/56486
- http://secunia.com/advisories/56535
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.securityfocus.com/bid/64758
- http://www.securityfocus.com/bid/64863
- http://www.securitytracker.com/id/1029608
- http://www.ubuntu.com/usn/USN-2089-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1051549
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777
- https://rhn.redhat.com/errata/RHSA-2014-0027.html
- https://rhn.redhat.com/errata/RHSA-2014-0026.html
- https://rhn.redhat.com/errata/RHSA-2014-0030.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-January/025800.html
Frequently Asked Questions
What is the severity of CVE-2013-5893?
CVE-2013-5893 is considered to be a high severity vulnerability due to its potential to bypass Java sandbox restrictions.
How do I fix CVE-2013-5893?
To fix CVE-2013-5893, update to an unaffected version of OpenJDK or Oracle Java SE beyond version 7u45.
What software is affected by CVE-2013-5893?
CVE-2013-5893 affects Oracle Java SE 7u45, OpenJDK 7, and specific versions of IcedTea.
Can CVE-2013-5893 be exploited remotely?
Yes, CVE-2013-5893 may allow remote attackers to exploit the vulnerability through untrusted Java applications or applets.
What components of the Java environment are impacted by CVE-2013-5893?
CVE-2013-5893 impacts the HotSpot JVM and specifically the handling of methods in MethodHandles.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-5893
- agent/software-canonical-lookup
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/oracle
- canonical/oracle jdk 6
- version/oracle jdk 6/1.7.0-update45
- canonical/oracle java runtime environment (jre)
- version/oracle java runtime environment (jre)/1.7.0-update45