CVE-2013-5910
OpenJDK: XML canonicalizer mutable strings passed to untrusted code (Security, 8026417)
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that CanonicalizerBase.java in the XML canonicalizer allows untrusted code to access mutable byte arrays.
Vulnerabilidad no especificada en Oracle Java SE 6u65 y 7u45 y Java SE Embedded 7u45, permite a atacantes remotos afectar a la integridad a través de vectores desconocidos relacionados con Security.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-09-18 CVE Reserved
- 2014-01-15 CVE Published
- 2024-01-13 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (31)
| URL | Tag | Source |
|---|---|---|
| http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/07004bb53c3c | X_refsource_confirm | |
| http://osvdb.org/102021 | Vdb Entry | |
| http://secunia.com/advisories/56432 | Third Party Advisory | |
| http://secunia.com/advisories/56485 | Third Party Advisory | |
| http://secunia.com/advisories/56486 | Third Party Advisory | |
| http://secunia.com/advisories/56535 | Third Party Advisory | |
| http://www.securityfocus.com/bid/64758 | Vdb Entry | |
| http://www.securityfocus.com/bid/64933 | Vdb Entry | |
| http://www.securitytracker.com/id/1029608 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/90352 | Vdb Entry | |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | 1.6.0 Search vendor "Oracle" for product "Jdk" and version "1.6.0" | update65 |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.6.0 Search vendor "Oracle" for product "Jre" and version "1.6.0" | update65 |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | 1.7.0 Search vendor "Oracle" for product "Jdk" and version "1.7.0" | update45 |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.7.0 Search vendor "Oracle" for product "Jre" and version "1.7.0" | update45 |
Affected
| ||||||