Vulnerability Name:

CVE-2013-5899 (CCN-90346)

Assigned:2013-09-18
Published:2014-01-14
Updated:2022-05-13
Summary:Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2013-5899

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:0246

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:0266

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:0451

Source: HP
Type: UNKNOWN
SSRT101454

Source: HP
Type: UNKNOWN
SSRT101455

Source: OSVDB
Type: UNKNOWN
102014

Source: CCN
Type: RHSA-2014-0030
Critical: java-1.7.0-oracle security update

Source: REDHAT
Type: UNKNOWN
RHSA-2014:0030

Source: CCN
Type: RHSA-2014-0134
Critical: java-1.7.0-ibm security update

Source: REDHAT
Type: UNKNOWN
RHSA-2014:0134

Source: CCN
Type: RHSA-2014-0135
Critical: java-1.6.0-ibm security update

Source: REDHAT
Type: UNKNOWN
RHSA-2014:0135

Source: CCN
Type: RHSA-2014-0705
Critical: java-1.7.1-ibm security update

Source: CCN
Type: RHSA-2014-0982
Low: Red Hat Network Satellite server IBM Java Runtime security update

Source: SECUNIA
Type: UNKNOWN
56485

Source: SECUNIA
Type: UNKNOWN
56535

Source: CCN
Type: IBM Security Bulletin 1665690
IBM Smart Analytics System 5600 is affected by multiple vulnerabilities in the IBM SDK Java™ Technology Edition, Version 6

Source: CCN
Type: IBM Security Bulletin 1020003
Multiple vulnerabilities in the IBM SDK Java Technology for IBM i

Source: CCN
Type: IBM Security Bulletin 1659761
Multiple IBM SDK Java Technology Edition, Version 6 security vulnerabilities addressed in Tivoli Endpoint Manager for Remote Control

Source: CCN
Type: IBM Security Bulletin 1662968
Multiple vulnerabilities in current releases of IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 1662998
Multiple vulnerabilities in IBM WebSphere Real Time

Source: CCN
Type: IBM Security Bulletin 1664835
Potential security vulnerabilities with JavaTM SDKs

Source: CCN
Type: IBM Security Bulletin 1667716
Multiple IBM SDK Java Technology Edition, Version 6 security vulnerabilities addressed in Tivoli Remote Control

Source: CCN
Type: IBM Security Bulletin 1668742
Security Bulletin: IBM Tivoli Monitoring clients affected by vulnerabilities in IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 1669498
Multiple IBM SDK Java Technology Edition, Version 7 security vulnerabilities addressed in IBM Endpoint Manager for Remote Control

Source: CCN
Type: IBM Security Bulletin 1671348
Security Bulletin for IBM Integration Bus and IBM WebSphere Message Broker: Multiple security vulnerabilities in IBM JREs 6 & 7

Source: CCN
Type: IBM Security Bulletin 1672078
InfoSphere Streams is affected by a vulnerability in the IBM SDK, Java Technology Edition (CVE-2014-0411)

Source: CCN
Type: IBM Security Bulletin 1672835
TADDM - Java Quarterly CPU - January 2014

Source: CCN
Type: IBM Security Bulletin 1673091
IBM Tivoli Monitoring clients affected by vulnerabilities in IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 1674707
IBM Tivoli Composite Application Manager for Transactions affected by multiple vulnerabilities in IBM JRE (Multiple CVEs)

Source: CCN
Type: IBM Security Bulletin 1675205
ulnerability in IBM Tivoli System Automation for Integrated Operations Management (several CVEs).

Source: CCN
Type: IBM Security Bulletin 1677588
Tivoli Storage Productivity Center - Oracle CPU January 2014

Source: CCN
Type: Oracle Web site
Oracle Critical Patch Update Advisory - January 2014

Source: CONFIRM
Type: Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Source: BID
Type: UNKNOWN
64758

Source: CCN
Type: BID-64758
RETIRED: Oracle January 2014 Critical Patch Update Multiple Vulnerabilities

Source: BID
Type: UNKNOWN
64928

Source: CCN
Type: BID-64928
Oracle Java SE CVE-2013-5899 Remote Security Vulnerability

Source: SECTRACK
Type: UNKNOWN
1029608

Source: REDHAT
Type: UNKNOWN
RHSA-2014:0414

Source: XF
Type: UNKNOWN
oracle-cpujan2014-cve20135899(90346)

Source: XF
Type: UNKNOWN
oracle-cpujan2014-cve20135899(90346)

Source: CONFIRM
Type: UNKNOWN
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:jdk:1.6.0:update65:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.6.0:update65:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:oracle:jre:1.7.0:update45:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras_oracle_java:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras_oracle_java:6:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:oracle:jdk:1.7.0:update45:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update45:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*
  • OR cpe:/a:tivoli_storage_productivity_center:5.1:-:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_message_broker:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_remote_control:5.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:3.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:maximo_asset_management:7.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_streams:3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_endpoint_manager:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_storage_productivity_center:5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:application_manager_for_smart_business:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_real_time:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.1.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_supplementary_aus:6.5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_supplementary_eus:6.5.z:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7707
    P
    		libykcs11-1-1.6.2-4.30 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7729
    P
    		p7zip-16.02-150200.14.9.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:20135899
    V
    		CVE-2013-5899
    2022-05-20
    oval:org.opensuse.security:def:7005
    P
    		Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP1) (Important)
    2021-12-14
    oval:org.opensuse.security:def:6980
    P
    		Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP1) (Important)
    2021-10-14
    oval:org.opensuse.security:def:36537
    P
    		perl-base-32bit-5.10.0-64.72.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36495
    P
    		libtirpc-devel-0.2.1-1.7.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:6905
    P
    		Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP1) (Important)
    2021-05-25
    oval:org.opensuse.security:def:13238
    P
    		java-1_6_0-ibm-1.6.0_sr16.1-5.9 on GA media (Moderate)
    2021-04-29
    oval:org.opensuse.security:def:46358
    P
    		java-1_6_0-ibm-1.6.0_sr16.1-5.9 on GA media (Moderate)
    2021-04-29
    oval:org.opensuse.security:def:6886
    P
    		Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1) (Important)
    2021-04-28
    oval:org.opensuse.security:def:6871
    P
    		Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP1) (Important)
    2021-04-07
    oval:org.opensuse.security:def:7069
    P
    		Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP2) (Important)
    2021-04-07
    oval:org.opensuse.security:def:7056
    P
    		Security update for the Linux Kernel (Important)
    2020-12-10
    oval:org.opensuse.security:def:35857
    P
    		PackageKit-0.3.14-2.28.46 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35638
    P
    		squid-2.7.STABLE5-2.4.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35746
    P
    		libfreebl3-3.13.1-0.2.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35813
    P
    		python-sssd-config-1.5.11-0.9.96 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35697
    P
    		findutils-4.4.0-38.26.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35785
    P
    		mono-core-2.6.7-0.7.19 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:34998
    P
    		Security update for glibc (Important)
    2020-12-01
    oval:org.opensuse.security:def:7038
    P
    		libgadu3 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35388
    P
    		Security update for openldap2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:6778
    P
    		libvte9 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34999
    P
    		Security update for glibc (Important)
    2020-12-01
    oval:org.opensuse.security:def:35094
    P
    		Security update for Linux kernel
    2020-12-01
    oval:org.opensuse.security:def:35331
    P
    		Security update for minicom (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:6756
    P
    		libsndfile1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:7047
    P
    		libhogweed2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35478
    P
    		Security update for php53 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:6824
    P
    		python-libxml2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:6748
    P
    		libqt4-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35010
    P
    		Security update for gnutls (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:35230
    P
    		Security update for libmspack (Moderate)
    2020-12-01
    oval:com.redhat.rhsa:def:20140414
    P
    		RHSA-2014:0414: java-1.6.0-sun security update (Important)
    2017-12-15
    oval:org.cisecurity:def:1541
    V
    		HPE HP-UX running CIFS Server (Samba), Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access
    2017-01-06
    oval:org.mitre.oval:def:22292
    P
    		RHSA-2014:0134: java-1.7.0-ibm security update (Critical)
    2015-08-03
    oval:org.mitre.oval:def:22560
    P
    		RHSA-2014:0135: java-1.6.0-ibm security update (Critical)
    2015-08-03
    oval:org.mitre.oval:def:25575
    P
    		SUSE-SU-2014:0266-1 -- Security update for IBM Java 6
    2014-09-08
    oval:org.mitre.oval:def:25245
    P
    		SUSE-SU-2014:0266-3 -- Security update for IBM Java 6
    2014-09-08
    oval:org.mitre.oval:def:25326
    P
    		SUSE-SU-2014:0246-1 -- Security update for IBM Java
    2014-09-08
    oval:org.mitre.oval:def:25365
    P
    		SUSE-SU-2014:0266-2 -- Security update for IBM Java 6
    2014-09-08
    oval:org.mitre.oval:def:24739
    P
    		ELSA-2014:0414: java-1.6.0-sun security update (Important)
    2014-07-21
    oval:org.mitre.oval:def:24557
    P
    		RHSA-2014:0414: java-1.6.0-sun security update (Important)
    2014-06-09
    oval:org.mitre.oval:def:24132
    P
    		ELSA-2014:0134: java-1.7.0-ibm security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:24172
    P
    		ELSA-2014:0030: java-1.7.0-oracle security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:24037
    P
    		ELSA-2014:0135: java-1.6.0-ibm security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:22415
    P
    		RHSA-2014:0030: java-1.7.0-oracle security update (Critical)
    2014-05-12
    oval:org.mitre.oval:def:22066
    V
    		Vulnerability in Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment)
    2014-03-03
    oval:com.redhat.rhsa:def:20140134
    P
    		RHSA-2014:0134: java-1.7.0-ibm security update (Critical)
    2014-02-04
    oval:com.redhat.rhsa:def:20140135
    P
    		RHSA-2014:0135: java-1.6.0-ibm security update (Critical)
    2014-02-04
    oval:com.redhat.rhsa:def:20140030
    P
    		RHSA-2014:0030: java-1.7.0-oracle security update (Critical)
    2014-01-15
    oval:com.ubuntu.precise:def:20135899000
    V
    		CVE-2013-5899 on Ubuntu 12.04 LTS (precise) - low.
    2014-01-15
    BACK
    oracle jdk 1.6.0 update65
    oracle jre 1.6.0 update65
    oracle jre 1.7.0 update45
    oracle jdk 1.7.0 update45
    oracle jre 1.7.0 update45
    redhat enterprise linux 6
    ibm maximo asset management 7.1
    ibm maximo asset management 7.5
    tivoli_storage_productivity_center 5.1 -
    ibm websphere message broker 7.0
    ibm websphere message broker 8.0
    ibm tivoli remote control 5.1.2
    ibm infosphere streams 3.0.0
    ibm infosphere streams 3.1.0
    ibm maximo asset management 7.1.1
    ibm maximo asset management 7.1.2
    ibm infosphere streams 3.2.0
    ibm tivoli endpoint manager 8.0
    ibm i 6.1
    ibm i 7.1
    ibm tivoli storage productivity center 5.2.1
    ibm application manager for smart business 1.2.1
    ibm tivoli application dependency discovery manager 7.2.1
    ibm tivoli application dependency discovery manager 7.2.2
    ibm websphere real time 3.0
    ibm tivoli application dependency discovery manager 7.1.2
    redhat enterprise linux server supplementary aus 6.5
    redhat enterprise linux server supplementary eus 6.5.z