Key information for this vulnerability:

Vulnerability ID: Bug 1018831 (CVE-2013-5840)
Summary: OpenJDK: getDeclaringClass() Information Disclosure
Key Feature: Safety
Status: Closed (ERRATA)
Aliases: CVE-2013-5840
Product: Security Response
Component: Vulnerability
Version: Not specified
Hardware: All
Operating System: Linux
Priority: Medium
Severity: Medium
Target Milestone: ---
Assignee: Red Hat Product Security
Blocks: #1017632

Link Table:

System: Red Hat Product ERRATA
ID: RHSA-2013:1440
Priority: 0 normal
Status: SHIPPED_LIVE
Summary: Critical: java-1.7.0-oracle Security Update
Last Updated: 2013-11-13 16:11:19 UTC

Related Comments:

Tomas Hoger 2013-10-14 13:28:46 UTC
Description:
The implementation of the getDeclaringClass() method does not perform class loader package access checks. In certain configurations, untrusted Java applications or applets could exploit this flaw to bypass certain Java sandbox restrictions.

Stefan Cornelius 2013-10-16 06:43:11 UTC
Comment 1:
External reference: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html