{
  "threat_severity" : "Low",
  "public_date" : "2013-10-15T00:00:00Z",
  "bugzilla" : {
    "description" : "OpenJDK: insufficient html escaping in jhat (jhat, 8011081)",
    "id" : "1018717",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1018717"
  },
  "cvss" : {
    "cvss_base_score" : "4.0",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:P/I:P/A:N",
    "status" : "verified"
  },
  "details" : [ "Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat." ],
  "affected_release" : [ {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2014-04-17T00:00:00Z",
    "advisory" : "RHSA-2014:0414",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.6.0-sun-1:1.6.0.75-1jpp.3.el5_10"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2014-04-17T00:00:00Z",
    "advisory" : "RHSA-2014:0414",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.6.0-sun-1:1.6.0.75-1jpp.1.el6_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2013-10-21T00:00:00Z",
    "advisory" : "RHSA-2013:1447",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.1.el5_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2013-11-05T00:00:00Z",
    "advisory" : "RHSA-2013:1505",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.6.0-openjdk-1:1.6.0.0-1.42.1.11.14.el5_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2013-10-22T00:00:00Z",
    "advisory" : "RHSA-2013:1451",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.7.0-openjdk-1:1.7.0.45-2.4.3.2.el6_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2013-11-05T00:00:00Z",
    "advisory" : "RHSA-2013:1505",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.6.0-openjdk-1:1.6.0.0-1.65.1.11.14.el6_4"
  }, {
    "product_name" : "Red Hat Network Satellite Server v 5.4",
    "release_date" : "2013-12-05T00:00:00Z",
    "advisory" : "RHSA-2013:1793",
    "cpe" : "cpe:/a:redhat:network_satellite:5.4::el5",
    "package" : "java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Network Satellite Server v 5.5",
    "release_date" : "2013-12-05T00:00:00Z",
    "advisory" : "RHSA-2013:1793",
    "cpe" : "cpe:/a:redhat:network_satellite:5.5::el5",
    "package" : "java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el5"
  }, {
    "product_name" : "Red Hat Satellite 5.6",
    "release_date" : "2013-12-05T00:00:00Z",
    "advisory" : "RHSA-2013:1793",
    "cpe" : "cpe:/a:redhat:network_satellite:5.6::el5",
    "package" : "java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el5"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 5",
    "release_date" : "2013-10-17T00:00:00Z",
    "advisory" : "RHSA-2013:1440",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.7.0-oracle-1:1.7.0.45-1jpp.1.el5_10"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 5",
    "release_date" : "2013-11-07T00:00:00Z",
    "advisory" : "RHSA-2013:1507",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el5_10"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 5",
    "release_date" : "2013-11-07T00:00:00Z",
    "advisory" : "RHSA-2013:1508",
    "cpe" : "cpe:/a:redhat:rhel_extras:5",
    "package" : "java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el5_10"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 6",
    "release_date" : "2013-10-17T00:00:00Z",
    "advisory" : "RHSA-2013:1440",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.7.0-oracle-1:1.7.0.45-1jpp.2.el6_4"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 6",
    "release_date" : "2013-11-07T00:00:00Z",
    "advisory" : "RHSA-2013:1507",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el6_4"
  }, {
    "product_name" : "Supplementary for Red Hat Enterprise Linux 6",
    "release_date" : "2013-11-07T00:00:00Z",
    "advisory" : "RHSA-2013:1508",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.6.0-ibm-1:1.6.0.15.0-1jpp.1.el6_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "java-1.5.0-ibm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "java-1.5.0-ibm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-5772\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-5772\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" ],
  "name" : "CVE-2013-5772",
  "csaw" : false
}