Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions."

References

• BID-59141
• CERT-TA13-107A
• CVE-2013-1518
• OVAL-OVAL16702
• OVAL-OVAL19451
• OVAL-OVAL19705
• REDHAT-RHSA-2013:0752
• REDHAT-RHSA-2013:0757
• REDHAT-RHSA-2013:0758
• URL: https://support.oracle.com/epmos/faces/DocumentDisplay?id=1448883.1&displayIndex=1

Solution Reference

Solution

Related Vulnerabilities

• Amazon Linux AMI: Security patch for java-1.6.0-openjdk (ALAS-2013-185) (multiple CVEs)
• RHSA-2013:0757: java-1.7.0-oracle security update
• RHSA-2013:0752: java-1.7.0-openjdk security update
• Java CPU April 2013 Java Runtime Environment JAXP vulnerability (CVE-2013-1518)
• Gentoo Linux: CVE-2013-1518: Oracle JRE/JDK: Multiple vulnerabilities
• RHSA-2013:0751: java-1.7.0-openjdk security update
• ELSA-2013-0751 Critical: Oracle Linux java-1.7.0-openjdk security update
• ELSA-2013-0752 Important: Oracle Linux java-1.7.0-openjdk security update
• HP-UX: CVE-2013-1518: Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
• RHSA-2013:0758: java-1.6.0-sun security update
• USN-1806-1: OpenJDK 7 vulnerabilities
• Amazon Linux AMI: Security patch for java-1.7.0-openjdk (ALAS-2013-183) (multiple CVEs)
• ELSA-2013-0770 Important: Oracle Linux java-1.6.0-openjdk security update
• Alpine Linux: CVE-2013-1518: Multiple vulnerabilities in openjdk6 < 1.11.10 allows remote code execution
• SUSE Linux Security Vulnerability: CVE-2013-1518
• RHSA-2013:0770: java-1.6.0-openjdk security update
• USN-1819-1: OpenJDK 6 vulnerabilities