Vulnerability CVE-2013-5375

Vulnerability Name:

CVE-2013-5375 (CCN-86901)

Assigned:

2013-11-05

Published:

2013-11-05

Updated:

2017-08-29

Summary:

Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors related to XML and XSL.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2013-5375

Source: SUSE
Type: UNKNOWN
SUSE-SU-2013:1677

Source: CCN
Type: RHSA-2013-1507
Critical: java-1.7.0-ibm security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:1507

Source: CCN
Type: RHSA-2013-1508
Critical: java-1.6.0-ibm security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:1508

Source: CCN
Type: RHSA-2013-1509
Important: java-1.5.0-ibm security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:1509

Source: CCN
Type: RHSA-2013-1793
Low: Red Hat Network Satellite server IBM Java Runtime security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:1793

Source: CCN
Type: SA56338
IBM Smart Analytics System Series Java Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
56338

Source: AIXAPAR
Type: UNKNOWN
IV51089

Source: AIXAPAR
Type: UNKNOWN
IV51090

Source: CONFIRM
Type: Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21655201

Source: CCN
Type: IBM Security Bulletin 1655202
Multiple vulnerabilities in IBM WebSphere Real Time

Source: CONFIRM
Type: Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21655202

Source: CCN
Type: IBM Security Bulletin 1659530
IBM Smart Analytics System 5600 is affected by multiple vulnerabilities in the IBM Java SDK

Source: CCN
Type: IBM Security Bulletin 1661213
IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE

Source: CCN
Type: IBM developerWorks
IBM Security Update November 2013

Source: CCN
Type: IBM Security Bulletin 1655201
Multiple vulnerabilities in current releases of the IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 1659761
Multiple IBM SDK Java Technology Edition, Version 6 security vulnerabilities addressed in Tivoli Endpoint Manager for Remote Control

Source: CCN
Type: IBM Security Bulletin 1667716
Multiple IBM SDK Java Technology Edition, Version 6 security vulnerabilities addressed in Tivoli Remote Control

Source: CCN
Type: OSVDB ID: 99533
IBM Java Unspecified Access Restriction Bypass (2013-5375)

Source: CCN
Type: BID-63621
IBM Java CVE-2013-5375 Unspecified Security Bypass Vulnerability

Source: XF
Type: UNKNOWN
ibm-xslt-cve20135375-security-bypass(86901)

Source: XF
Type: UNKNOWN
ibm-xslt-cve20135375-security-bypass(86901)

Source: CONFIRM
Type: Vendor Advisory
https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:java:5.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:java:6.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:java:6.0.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:java:7.0.0.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:java_sdk:6.0.16.7:*:*:*:technology:*:*:*

OR cpe:/a:ibm:java_sdk:7.0.9.10:*:*:*:technology:*:*:*

AND

cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/a:ibm:tivoli_remote_control:5.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:operational_decision_manager:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:operational_decision_manager:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_ilog_jrules:7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_endpoint_manager:8.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7707	P	libykcs11-1-1.6.2-4.30 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7729	P	p7zip-16.02-150200.14.9.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:20135375	V	CVE-2013-5375	2022-05-20
oval:org.opensuse.security:def:33795	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:29496	P	Security update for libsndfile (Important)	2022-01-05
oval:org.opensuse.security:def:33066	P	Security update for chrony (Moderate)	2021-12-22
oval:org.opensuse.security:def:33067	P	Security update for libqt4 (Important)	2021-12-22
oval:org.opensuse.security:def:7005	P	Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP1) (Important)	2021-12-14
oval:org.opensuse.security:def:33753	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:26179	P	Security update for gmp (Moderate)	2021-12-02
oval:org.opensuse.security:def:26178	P	Security update for the Linux Kernel (Important)	2021-12-02
oval:org.opensuse.security:def:26177	P	Security update for webkit2gtk3 (Important)	2021-12-01
oval:org.opensuse.security:def:33746	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:34587	P	Security update for samba (Important)	2021-11-10
oval:org.opensuse.security:def:6980	P	Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP1) (Important)	2021-10-14
oval:org.opensuse.security:def:34547	P	Security update for the Linux Kernel (Important)	2021-09-23
oval:org.opensuse.security:def:34540	P	Security update for transfig (Moderate)	2021-09-16
oval:org.opensuse.security:def:29418	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:29411	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:33696	P	Security update for mariadb (Important)	2021-08-06
oval:org.opensuse.security:def:33689	P	Security update for curl (Moderate)	2021-07-21
oval:org.opensuse.security:def:36495	P	libtirpc-devel-0.2.1-1.7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36537	P	perl-base-32bit-5.10.0-64.72.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:6905	P	Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP1) (Important)	2021-05-25
oval:org.opensuse.security:def:33909	P	Security update for xen (Important)	2021-05-19
oval:org.opensuse.security:def:29361	P	Security update for the Linux Kernel (Important)	2021-05-17
oval:org.opensuse.security:def:33902	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:13238	P	java-1_6_0-ibm-1.6.0_sr16.1-5.9 on GA media (Moderate)	2021-04-29
oval:org.opensuse.security:def:46358	P	java-1_6_0-ibm-1.6.0_sr16.1-5.9 on GA media (Moderate)	2021-04-29
oval:org.opensuse.security:def:29354	P	Security update for tomcat (Important)	2021-04-29
oval:org.opensuse.security:def:6886	P	Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1) (Important)	2021-04-28
oval:org.opensuse.security:def:6871	P	Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP1) (Important)	2021-04-07
oval:org.opensuse.security:def:7069	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP2) (Important)	2021-04-07
oval:org.opensuse.security:def:33085	P	Security update for postgresql-jdbc (Moderate)	2021-02-25
oval:org.opensuse.security:def:33078	P	Security update for krb5-appl (Important)	2021-02-19
oval:org.opensuse.security:def:33074	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:33073	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:26189	P	Security update for subversion (Important)	2021-02-10
oval:org.opensuse.security:def:26190	P	Security update for MozillaFirefox (Low)	2021-02-10
oval:org.opensuse.security:def:34580	P	Security update for the Linux Kernel (Important)	2021-02-09
oval:org.opensuse.security:def:7056	P	Security update for the Linux Kernel (Important)	2020-12-10
oval:org.opensuse.security:def:35638	P	squid-2.7.STABLE5-2.4.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35813	P	python-sssd-config-1.5.11-0.9.96 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35697	P	findutils-4.4.0-38.26.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35857	P	PackageKit-0.3.14-2.28.46 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35746	P	libfreebl3-3.13.1-0.2.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35785	P	mono-core-2.6.7-0.7.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:33394	P	Security update for SUSE Manager Client Tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:35230	P	Security update for libmspack (Moderate)	2020-12-01
oval:org.opensuse.security:def:26381	P	Security update for ffmpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:26754	P	libneon27 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26909	P	gpg2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26254	P	Security update for dia (Moderate)	2020-12-01
oval:org.opensuse.security:def:26604	P	libsoup-2_4-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26896	P	foomatic-filters on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27627	P	Security update for IBM Java 7	2020-12-01
oval:org.opensuse.security:def:29068	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:29752	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:30491	P	Security update for fastjar	2020-12-01
oval:org.opensuse.security:def:29057	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:29710	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:29860	P	Security update for the Linux Kernel	2020-12-01
oval:org.opensuse.security:def:29056	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:6824	P	python-libxml2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33157	P	libksba on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33532	P	Security update for xpdf	2020-12-01
oval:org.opensuse.security:def:33834	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:33451	P	Security update for GNOME screensaver	2020-12-01
oval:org.opensuse.security:def:33802	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:34999	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:35331	P	Security update for minicom (Moderate)	2020-12-01
oval:org.opensuse.security:def:26462	P	Security update for Mozilla Thunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:26807	P	perl-spamassassin on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26953	P	libicu-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26382	P	Security update for ffmpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:26755	P	libnetpbm10 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26910	P	gstreamer-0_10-plugins-base on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29137	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:29791	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30528	P	Security update for IBM Java 6	2020-12-01
oval:org.opensuse.security:def:29075	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:29759	P	Security update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:30498	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:29064	P	Security update for bzip2 (Important)	2020-12-01
oval:org.opensuse.security:def:29063	P	Security update for bzip2 (Important)	2020-12-01
oval:org.opensuse.security:def:33292	P	xorg-x11 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33858	P	Security update for ipsec-tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:33164	P	libmysqlclient15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33539	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:33841	P	Security update for gtk2	2020-12-01
oval:org.opensuse.security:def:35010	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:35388	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:26519	P	PackageKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26856	P	PackageKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27591	P	yast2-core-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34998	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:26463	P	Security update for enigmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:26808	P	postgresql on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26954	P	libltdl7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29268	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:29649	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:29809	P	Security update for jakarta-commons-fileupload (Important)	2020-12-01
oval:org.opensuse.security:def:29144	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:29503	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:29798	P	Security update for icu	2020-12-01
oval:org.opensuse.security:def:30535	P	Security update for IBM Java 7	2020-12-01
oval:org.opensuse.security:def:6756	P	libsndfile1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:7038	P	libgadu3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33387	P	Security update for compat-openssl097g (Moderate)	2020-12-01
oval:org.opensuse.security:def:6748	P	libqt4-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33299	P	xorg-x11-libXt-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33865	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:35094	P	Security update for Linux kernel	2020-12-01
oval:org.opensuse.security:def:35478	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26253	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26603	P	libsnmp15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26895	P	findutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27626	P	Security update for IBM Java 6	2020-12-01
oval:org.opensuse.security:def:26520	P	PolicyKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26857	P	PolicyKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27592	P	yast2-devel-doc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29703	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:29853	P	Security update for Linux Kernel	2020-12-01
oval:org.opensuse.security:def:29275	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:29656	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:29816	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:6778	P	libvte9 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:7047	P	libhogweed2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33444	P	Security update for pidgin	2020-12-01
oval:org.mitre.oval:def:21240	P	RHSA-2013:1508: java-1.6.0-ibm security update (Critical)	2015-03-09
oval:org.mitre.oval:def:21151	P	RHSA-2013:1507: java-1.7.0-ibm security update (Critical)	2015-03-09
oval:org.mitre.oval:def:25287	P	SUSE-SU-2013:1669-1 -- Security update for IBM Java 5	2014-09-08
oval:org.mitre.oval:def:23813	P	ELSA-2013:1507: java-1.7.0-ibm security update (Critical)	2014-05-26
oval:org.mitre.oval:def:24011	P	ELSA-2013:1508: java-1.6.0-ibm security update (Critical)	2014-05-26
oval:com.redhat.rhsa:def:20131507	P	RHSA-2013:1507: java-1.7.0-ibm security update (Critical)	2013-11-07
oval:com.redhat.rhsa:def:20131508	P	RHSA-2013:1508: java-1.6.0-ibm security update (Critical)	2013-11-07
oval:com.redhat.rhsa:def:20131509	P	RHSA-2013:1509: java-1.5.0-ibm security update (Important)	2013-11-07

BACK