CVE-2013-5896

Impact:: Moderate
Public Date:: 2014-01-14

Bugzilla:: 1053266: CVE-2013-5896 OpenJDK: com.sun.corba.se. should be restricted package (CORBA, 8025022)

The MITRE CVE dictionary describes this issue as:

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that com.sun.corba.se and its sub-packages are not included on the restricted package list.

Find out more about CVE-2013-5896 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score	4.3
Base Metrics	AV:N/AC:M/Au:N/C:N/I:N/A:P
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform	Errata	Release Date
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm)	RHSA-2014:0135	2014-02-04
Red Hat Enterprise Linux 5 (java-1.6.0-openjdk)	RHSA-2014:0097	2014-01-27
Red Hat Enterprise Linux 5 (java-1.7.0-openjdk)	RHSA-2014:0027	2014-01-15
Red Hat Satellite 5.6 (RHEL v.5) (java-1.6.0-ibm)	RHSA-2014:0982	2014-07-29
Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-oracle)	RHSA-2014:0030	2014-01-15
Red Hat Satellite 5.6 (RHEL v.6) (java-1.6.0-ibm)	RHSA-2014:0982	2014-07-29
Red Hat Satellite 5.5 (RHEL v.5) (java-1.6.0-ibm)	RHSA-2014:0982	2014-07-29
Red Hat Satellite 5.5 (RHEL v.6) (java-1.6.0-ibm)	RHSA-2014:0982	2014-07-29
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm)	RHSA-2014:0135	2014-02-04
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-ibm)	RHSA-2014:0134	2014-02-04
Oracle Java for Red Hat Enterprise Linux 6 (java-1.6.0-sun)	RHSA-2014:0414	2014-04-17
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm)	RHSA-2014:0705	2014-06-10
Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-ibm)	RHSA-2014:0134	2014-02-04
Red Hat Enterprise Linux 6 (java-1.6.0-openjdk)	RHSA-2014:0097	2014-01-27
Red Hat Enterprise Linux 6 (java-1.7.0-openjdk)	RHSA-2014:0026	2014-01-15
Red Hat Satellite 5.4 (RHEL v.6) (java-1.6.0-ibm)	RHSA-2014:0982	2014-07-29
Red Hat Satellite 5.4 (RHEL v.5) (java-1.6.0-ibm)	RHSA-2014:0982	2014-07-29
Oracle Java for Red Hat Enterprise Linux 5 (java-1.6.0-sun)	RHSA-2014:0414	2014-04-17
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-oracle)	RHSA-2014:0030	2014-01-15

Affected Packages State

Platform	Package	State
Red Hat Enterprise Linux 7	java-1.6.0-openjdk	Not affected
Red Hat Enterprise Linux 7	java-1.7.0-openjdk	Not affected
Red Hat Enterprise Linux 7	java-1.7.0-oracle	Not affected

Mitigation

Applications running with a security manager that make direct use of classes
in these JDK internal packages, need to adjust their security policy to
grant access. See Java Security Policy Files documentation.

External References

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Last Modified 2018-07-17T10:28:19+00:00

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories