CVE-2013-5910
First published: Tue Jan 14 2014(Updated: )
It was discovered that the Security component in OpenJDK could pass mutable strings to untrusted code. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/icedtea | <2.4.4 | 2.4.4 |
| redhat/icedtea | <2.3.13 | 2.3.13 |
| redhat/icedtea | <1.12.8 | 1.12.8 |
| redhat/icedtea | <1.13.1 | 1.13.1 |
| Oracle JDK 6 | =1.6.0-update65 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update65 | |
| Oracle JDK 6 | =1.7.0-update45 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update45 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/07004bb53c3c
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html
- http://marc.info/?l=bugtraq&m=139402697611681&w=2
- http://marc.info/?l=bugtraq&m=139402749111889&w=2
- http://osvdb.org/102021
- http://rhn.redhat.com/errata/RHSA-2014-0026.html
- http://rhn.redhat.com/errata/RHSA-2014-0027.html
- http://rhn.redhat.com/errata/RHSA-2014-0030.html
- http://rhn.redhat.com/errata/RHSA-2014-0097.html
- http://rhn.redhat.com/errata/RHSA-2014-0134.html
- http://rhn.redhat.com/errata/RHSA-2014-0135.html
- http://secunia.com/advisories/56432
- http://secunia.com/advisories/56485
- http://secunia.com/advisories/56486
- http://secunia.com/advisories/56535
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.securityfocus.com/bid/64758
- http://www.securityfocus.com/bid/64933
- http://www.securitytracker.com/id/1029608
- http://www.ubuntu.com/usn/USN-2089-1
- http://www.ubuntu.com/usn/USN-2124-1
- https://access.redhat.com/errata/RHSA-2014:0414
- https://bugzilla.redhat.com/show_bug.cgi?id=1052942
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90352
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777
- https://rhn.redhat.com/errata/RHSA-2014-0027.html
- https://rhn.redhat.com/errata/RHSA-2014-0026.html
- https://rhn.redhat.com/errata/RHSA-2014-0030.html
- https://rhn.redhat.com/errata/RHSA-2014-0097.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-January/025800.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-January/025947.html
- http://mail.openjdk.java.net/pipermail/jdk6-dev/2014-January/003212.html
- https://rhn.redhat.com/errata/RHSA-2014-0135.html
- https://rhn.redhat.com/errata/RHSA-2014-0134.html
- https://rhn.redhat.com/errata/RHSA-2014-0414.html
- https://rhn.redhat.com/errata/RHSA-2014-0705.html
- https://rhn.redhat.com/errata/RHSA-2014-0982.html
Frequently Asked Questions
What is the severity of CVE-2013-5910?
CVE-2013-5910 has been rated as a high-severity vulnerability that can allow bypassing Java sandbox restrictions.
How do I fix CVE-2013-5910?
To fix CVE-2013-5910, you should upgrade to the latest patched versions of OpenJDK or IcedTea as specified by the vendor.
What software is affected by CVE-2013-5910?
CVE-2013-5910 affects various versions of Oracle JDK and JRE, specifically 6u65 and 7u45, along with multiple versions of IcedTea.
What are the potential impacts of CVE-2013-5910?
The potential impact of CVE-2013-5910 includes the ability for untrusted Java applications to execute code outside of the controlled sandbox environment.
Is there a workaround for CVE-2013-5910?
There are no effective workarounds for CVE-2013-5910; upgrading to a secure version is the most reliable mitigation.
- agent/type
- agent/first-publish-date
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-5910
- agent/software-canonical-lookup
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/oracle
- canonical/oracle jdk 6
- version/oracle jdk 6/1.6.0-update65
- canonical/oracle java runtime environment (jre)
- version/oracle java runtime environment (jre)/1.6.0-update65
- version/oracle jdk 6/1.7.0-update45
- version/oracle java runtime environment (jre)/1.7.0-update45