CVE-2013-5852 [High] | Security Vulnerability in Jre

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5832.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-06-01	1.77%	1.50%	-0.27%
2	2025-03-30	5.31%	1.77%	-3.54%
3	2025-03-29	—	5.31%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-06-01

1.77%

1.50%

-0.27%

2025-03-30

5.31%

1.77%

-3.54%

2025-03-29

—

5.31%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
7.6	2.0	HIGH	`AV:N/AC:H/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:H) Exploitation requires uncommon or highly specific conditions. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	4.9	10.0	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

7.6

2.0

HIGH

AV:N/AC:H/Au:N/C:C/I:C/A:C Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:H): Exploitation requires uncommon or highly specific conditions.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:C): Complete integrity impact.
Availability impact (A:C): Complete availability impact.

4.9

10.0

[email protected]

OS Trackers for CVE-2013-5852

vendor	priority	summary	link
`gentoo`	high	CVE-2013-5852: 1 GLSA(s) (201401-30), 5 atom(s) (app-emulation/emul-linux-x86-java, dev-java/oracle-jdk-bin, dev-java/oracle-jre-bin, dev-java/sun-jdk, dev-java/sun-jre-bin); latest impact high.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2013-5852
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2013-5852
`suse`	medium	—	https://www.suse.com/security/cve/CVE-2013-5852/
`ubuntu`	medium	CVE-2013-5852 medium priority: Ubuntu including 2 source packages (openjdk-6, openjdk-7), 10 status rows across 5 suites (lucid, precise, quantal, raring, upstream): not-affected 9, DNE 1.	https://ubuntu.com/security/CVE-2013-5852

Affected software / configurations for CVE-2013-5852

Vendor	Product	Version	Raw CPE
oracle	jre	<= 1.7.0	cpe:2.3:a:oracle:jre::update40::::::*
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:::::::*
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update1::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update10::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update11::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update13::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update15::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update17::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update2::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update21::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update25::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update3::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update4::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update5::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update6::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update7::::::
oracle	jre	1.7.0	cpe:2.3:a:oracle:jre:1.7.0:update9::::::
oracle	jdk	<= 1.7.0	cpe:2.3:a:oracle:jdk::update40::::::*
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:::::::*
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update1::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update10::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update11::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update13::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update15::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update17::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update2::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update21::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update25::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update3::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update4::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update5::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update6::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update7::::::
oracle	jdk	1.7.0	cpe:2.3:a:oracle:jdk:1.7.0:update9::::::
oracle	jre	<= 1.6.0	cpe:2.3:a:oracle:jre::update60::::::*
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update22::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update23::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update24::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update25::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update26::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update27::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update29::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update30::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update31::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update32::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update33::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update34::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update35::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update37::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update38::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update39::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update41::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update43::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update45::::::
oracle	jre	1.6.0	cpe:2.3:a:oracle:jre:1.6.0:update51::::::
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:::::::*
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:update_1::::::
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:update_10::::::
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:update_11::::::
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:update_12::::::
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:update_13::::::
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:update_14::::::
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:update_15::::::
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:update_16::::::
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:update_17::::::
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:update_18::::::
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:update_19::::::
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:update_2::::::
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:update_20::::::
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:update_21::::::
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:update_3::::::
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:update_4::::::
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:update_5::::::
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:update_6::::::
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:update_7::::::
sun	jre	1.6.0	cpe:2.3:a:sun:jre:1.6.0:update_9::::::
oracle	jdk	<= 1.6.0	cpe:2.3:a:oracle:jdk::update60::::::*
oracle	jdk	1.6.0	cpe:2.3:a:oracle:jdk:1.6.0:update22::::::
oracle	jdk	1.6.0	cpe:2.3:a:oracle:jdk:1.6.0:update23::::::
oracle	jdk	1.6.0	cpe:2.3:a:oracle:jdk:1.6.0:update24::::::

References for CVE-2013-5852

URL	Tags
http://marc.info/?l=bugtraq&m=138674031212883&w=2
http://marc.info/?l=bugtraq&m=138674073720143&w=2
http://osvdb.org/98543
http://rhn.redhat.com/errata/RHSA-2013-1440.html
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html	Vendor Advisory
http://www.securityfocus.com/bid/63130
https://access.redhat.com/errata/RHSA-2014:0414
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18983

URL

CVE-2013-5852

Exploit prediction scoring system (EPSS) score for CVE-2013-5852

Common vulnerability scoring system (CVSS) metrics for CVE-2013-5852

Weakness enumeration for CVE-2013-5852

OS Trackers for CVE-2013-5852

Affected software / configurations for CVE-2013-5852

References for CVE-2013-5852