CVE-2013-1518 — HIGH (10.0)

Q: How severe is CVE-2013-1518?

CVE-2013-1518 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-1518?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Jre, Oracle Jdk, Sun Jre, Sun Jdk.

Vulnerability Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions."

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Oracle	Jre	<= 1.7.0
Oracle	Jdk	<= 1.7.0
Sun	Jre	1.6.0
Sun	Jdk	1.6.0

References

FAQ

What is CVE-2013-1518?

CVE-2013-1518 is a vulnerability with a CVSS score of 10.0 (HIGH). Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows...

How severe is CVE-2013-1518?

CVE-2013-1518 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-1518?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Jre, Oracle Jdk, Sun Jre, Sun Jdk.