CVE-2013-1518

Name of the Vulnerable Software and Affected Versions Java SE versions 7 Update 17 and earlier Java SE versions 6 Update 43 and earlier Java SE versions 5.0 Update 41 and earlier OpenJDK versions 6 and 7

Description The issue affects the Java Runtime Environment (JRE) component, allowing remote attackers to impact confidentiality, integrity, and availability through vectors related to JAXP. It is noted that Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions."

Recommendations For Java SE versions 7 Update 17 and earlier, update to a version later than Update 17. For Java SE versions 6 Update 43 and earlier, update to a version later than Update 43. For Java SE versions 5.0 Update 41 and earlier, update to a version later than Update 41. For OpenJDK versions 6 and 7, consider disabling JAXP functionality until a patch is available.