CVE - CVE-2013-3009

CVE-ID
CVE-2013-3009	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
AIXAPAR:IV44792 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IV44792 AIXAPAR:IX90118 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IX90118 AIXAPAR:PM91727 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1PM91727 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21642336 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21644197 CONFIRM:http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013 FULLDISC:20160404 [SE-2012-01] Broken security fix in IBM Java 7/8 URL:http://seclists.org/fulldisclosure/2016/Apr/3 FULLDISC:20160405 Re: [SE-2012-01] Broken security fix in IBM Java 7/8 URL:http://seclists.org/fulldisclosure/2016/Apr/20 MISC:http://www.security-explorations.com/materials/SE-2012-01-IBM-2.pdf MISC:http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf REDHAT:RHSA-2013:1059 URL:http://rhn.redhat.com/errata/RHSA-2013-1059.html REDHAT:RHSA-2013:1060 URL:http://rhn.redhat.com/errata/RHSA-2013-1060.html REDHAT:RHSA-2013:1081 URL:http://rhn.redhat.com/errata/RHSA-2013-1081.html SECUNIA:54154 URL:http://secunia.com/advisories/54154 SUSE:SUSE-SU-2013:1255 URL:http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html SUSE:SUSE-SU-2013:1256 URL:http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html SUSE:SUSE-SU-2013:1257 URL:http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html SUSE:SUSE-SU-2013:1263 URL:http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html SUSE:SUSE-SU-2013:1264 URL:http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html SUSE:SUSE-SU-2013:1293 URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html SUSE:SUSE-SU-2013:1305 URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html XF:ibm-java-cve20133009(84150) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/84150
Assigning CNA
IBM Corporation
Date Record Created
20130412	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20130412)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)