CVE-2013-5906 - Vulnerability Details

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different vulnerability than CVE-2013-5905.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.02598.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Hp-ux Jdk Jre
Oracle	Jdk Jre
Redhat	Enterprise Linux Desktop Supplementary Enterprise Linux Hpc Node Supplementary Enterprise Linux Server Supplementary Enterprise Linux Server Supplementary Aus Enterprise Linux Server Supplementary Eus Enterprise Linux Workstation Supplementary Rhel Extras Rhel Extras Oracle Java

Configuration 1 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_hpc_node_supplementary:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_supplementary_aus:6.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.5.z:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:::::::*

Configuration 2 [-]

cpe:2.3:a:oracle:jre:1.7.0:update45:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:a:oracle:jdk:1.6.0:update65::::::
	cpe:2.3:a:oracle:jre:1.6.0:update65::::::

Configuration 4 [-]

AND

OR	cpe:2.3:a:hp:jdk::::::::
	cpe:2.3:a:hp:jre::::::::

OR	cpe:2.3:o:hp:hp-ux:b.11.23:::::::*
	cpe:2.3:o:hp:hp-ux:b.11.31:::::::*

Configuration 5 [-]

OR	cpe:2.3:a:oracle:jdk:1.5.0:update55::::::
	cpe:2.3:a:oracle:jre:1.5.0:update55::::::

Package	CPE	Advisory	Released Date
Oracle Java for Red Hat Enterprise Linux 5
java-1.6.0-sun-1:1.6.0.75-1jpp.3.el5_10	cpe:/a:redhat:rhel_extras_oracle_java:5	RHSA-2014:0414	2014-04-17T00:00:00Z
Oracle Java for Red Hat Enterprise Linux 6
java-1.6.0-sun-1:1.6.0.75-1jpp.1.el6_5	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2014:0414	2014-04-17T00:00:00Z
Supplementary for Red Hat Enterprise Linux 5
java-1.7.0-oracle-1:1.7.0.51-1jpp.1.el5_10	cpe:/a:redhat:rhel_extras:5	RHSA-2014:0030	2014-01-15T00:00:00Z
Supplementary for Red Hat Enterprise Linux 6
java-1.7.0-oracle-1:1.7.0.51-1jpp.1.el6_5	cpe:/a:redhat:rhel_extras:6	RHSA-2014:0030	2014-01-15T00:00:00Z

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2013-5740	Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install, a different vulnerability than CVE-2013-5905.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://marc.info/?l=bugtraq&m=139402697611681&w=2
http://marc.info/?l=bugtraq&m=139402749111889&w=2
http://osvdb.org/102010
http://rhn.redhat.com/errata/RHSA-2014-0030.html
http://secunia.com/advisories/56485
http://secunia.com/advisories/56535
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html#AppendixJAVA
http://www.securityfocus.com/bid/64758
http://www.securityfocus.com/bid/64903
http://www.securitytracker.com/id/1029608
https://access.redhat.com/errata/RHSA-2014:0414
https://exchange.xforce.ibmcloud.com/vulnerabilities/90342
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777
https://nvd.nist.gov/vuln/detail/CVE-2013-5906
https://www.cve.org/CVERecord?id=CVE-2013-5906

History

No history.

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2014-01-15T01:33:00

Updated: 2024-08-06T17:29:41.202Z

Reserved: 2013-09-18T00:00:00

Link: CVE-2013-5906

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-01-15T16:08:06.437

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-5906

Redhat

Severity : Moderate

Publid Date: 2014-01-14T00:00:00Z

Links: CVE-2013-5906 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object