fkie_cve-2013-3009
Vulnerability from fkie_nvd
Published
2013-07-23 11:03
Modified
2024-11-21 01:52
Summary
The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block.
References
psirt@us.ibm.com: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
psirt@us.ibm.com: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
psirt@us.ibm.com: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
psirt@us.ibm.com: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
psirt@us.ibm.com: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html
psirt@us.ibm.com: http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
psirt@us.ibm.com: http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
psirt@us.ibm.com: http://rhn.redhat.com/errata/RHSA-2013-1059.html
psirt@us.ibm.com: http://rhn.redhat.com/errata/RHSA-2013-1060.html
psirt@us.ibm.com: http://rhn.redhat.com/errata/RHSA-2013-1081.html
psirt@us.ibm.com: http://seclists.org/fulldisclosure/2016/Apr/20
psirt@us.ibm.com: http://seclists.org/fulldisclosure/2016/Apr/3
psirt@us.ibm.com: http://secunia.com/advisories/54154 (Vendor Advisory)
psirt@us.ibm.com: http://www-01.ibm.com/support/docview.wss?uid=swg1IV44792
psirt@us.ibm.com: http://www-01.ibm.com/support/docview.wss?uid=swg1IX90118
psirt@us.ibm.com: http://www-01.ibm.com/support/docview.wss?uid=swg1PM91727
psirt@us.ibm.com: http://www-01.ibm.com/support/docview.wss?uid=swg21642336 (Vendor Advisory)
psirt@us.ibm.com: http://www-01.ibm.com/support/docview.wss?uid=swg21644197 (Vendor Advisory)
psirt@us.ibm.com: http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013 (Vendor Advisory)
psirt@us.ibm.com: http://www.security-explorations.com/materials/SE-2012-01-IBM-2.pdf
psirt@us.ibm.com: http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf
psirt@us.ibm.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/84150
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
af854a3a-2127-422b-91ae-364da2661108: http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
af854a3a-2127-422b-91ae-364da2661108: http://rhn.redhat.com/errata/RHSA-2013-1059.html
af854a3a-2127-422b-91ae-364da2661108: http://rhn.redhat.com/errata/RHSA-2013-1060.html
af854a3a-2127-422b-91ae-364da2661108: http://rhn.redhat.com/errata/RHSA-2013-1081.html
af854a3a-2127-422b-91ae-364da2661108: http://seclists.org/fulldisclosure/2016/Apr/20
af854a3a-2127-422b-91ae-364da2661108: http://seclists.org/fulldisclosure/2016/Apr/3
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/54154 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://www-01.ibm.com/support/docview.wss?uid=swg1IV44792
af854a3a-2127-422b-91ae-364da2661108: http://www-01.ibm.com/support/docview.wss?uid=swg1IX90118
af854a3a-2127-422b-91ae-364da2661108: http://www-01.ibm.com/support/docview.wss?uid=swg1PM91727
af854a3a-2127-422b-91ae-364da2661108: http://www-01.ibm.com/support/docview.wss?uid=swg21642336 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://www-01.ibm.com/support/docview.wss?uid=swg21644197 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108: http://www.security-explorations.com/materials/SE-2012-01-IBM-2.pdf
af854a3a-2127-422b-91ae-364da2661108: http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf
af854a3a-2127-422b-91ae-364da2661108: https://exchange.xforce.ibmcloud.com/vulnerabilities/84150
Impacted products
Vendor Product Version
ibm java 1.4.2
ibm java 1.4.2.13
ibm java 1.4.2.13.1
ibm java 1.4.2.13.2
ibm java 1.4.2.13.3
ibm java 1.4.2.13.4
ibm java 1.4.2.13.5
ibm java 1.4.2.13.6
ibm java 1.4.2.13.7
ibm java 1.4.2.13.8
ibm java 1.4.2.13.9
ibm java 1.4.2.13.10
ibm java 1.4.2.13.11
ibm java 1.4.2.13.12
ibm java 1.4.2.13.13
ibm java 1.4.2.13.14
ibm java 1.4.2.13.15
ibm java 1.4.2.13.16
ibm java 1.4.2.13.17
ibm java 7.0.0.0
ibm java 7.0.1.0
ibm java 7.0.2.0
ibm java 7.0.3.0
ibm java 7.0.4.0
ibm java 7.0.4.1
ibm java 7.0.4.2
ibm java 6.0.0.0
ibm java 6.0.1.0
ibm java 6.0.2.0
ibm java 6.0.3.0
ibm java 6.0.4.0
ibm java 6.0.5.0
ibm java 6.0.6.0
ibm java 6.0.7.0
ibm java 6.0.8.0
ibm java 6.0.8.1
ibm java 6.0.9.0
ibm java 6.0.9.1
ibm java 6.0.9.2
ibm java 6.0.10.0
ibm java 6.0.10.1
ibm java 6.0.11.0
ibm java 6.0.12.0
ibm java 6.0.13.0
ibm java 6.0.13.1
ibm java 6.0.13.2
ibm java 5.0.0.0
ibm java 5.0.11.0
ibm java 5.0.11.1
ibm java 5.0.11.2
ibm java 5.0.12.0
ibm java 5.0.12.1
ibm java 5.0.12.2
ibm java 5.0.12.3
ibm java 5.0.12.4
ibm java 5.0.12.5
ibm java 5.0.13.0
ibm java 5.0.14.0
ibm java 5.0.15.0
ibm java 5.0.16.0
ibm java 5.0.16.1
ibm java 5.0.16.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82F48415-7D29-488D-B0F0-21BBF67A8025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "429E0F9B-63D2-46C1-9BB3-C0B91FC5A0B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D454628-6074-42C5-B2F4-8ABC5597746E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC71A3DD-E08E-41FF-8443-5A75AD9F4FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E09B43A6-87FB-4ECA-B837-469AA63FCED7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "55BD6A1E-8043-43AA-980D-8A277CE3CDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8549B650-7862-4C3B-8F26-8D9EC490000E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "89D960CA-0065-44FE-83C4-F02119FEA7CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F28E80-A2FE-4985-8D02-06E6E10D8186",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E484DE96-7DDE-4B49-B6CF-E4A4F22BDA5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6EA48C2-7EF8-4E2E-A366-DE53B73029F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF5408C-D5CA-4404-9268-D0C26325FDD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6515717B-2DBF-4D91-BA6F-8BD77DE860F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A5E269F-A5F5-40D9-8FF2-8FAAD73AFA32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "95CB9215-CB52-484A-A67A-C7C2CBA8F68D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6944A8CC-B4E5-4F1F-BA71-384D7EE074B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8146AC-57A3-4FB3-A384-DD3B00133E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "5803B80C-3169-45ED-B5C9-095C032778A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD37B25A-3306-4FD2-84D4-EDDAA3236C12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8BF650-B8F5-467E-8DBF-81788B55F345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1752A831-916F-4A7D-8AAE-1CEFACC51F91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C9744C4-76BE-428B-AFF2-5BCE00A58322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48B1DE45-90F9-416B-9087-8AEF5B0A3C46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EF6A045-0DF6-463B-A0DB-6C31D8C2984C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A731493C-9B46-4105-9902-B15BA0E0FB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "49454369-A494-4EAA-88D5-181570DEBB4A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "14AD4A87-382A-41F0-96D8-0F0A9B738773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33701DDF-6882-41D3-A11B-A1F4585A77A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "25C58BBA-06AC-40CD-A906-FD1B3B0AAB69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C5B430-EE11-4674-B4B0-895D66E3B32F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1837D84-6B4F-40D8-9A3F-71C328F659BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D20A369B-2168-4883-A84C-BB48A71AFB33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3628AAB4-E524-46E5-AAF4-1980256F13CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30DC9FE3-CDE9-4F83-989B-4E431BA18B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C17B1C6B-04CE-49FB-B9BD-98ECD626B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F529EB-2BCA-4E3E-93E4-2A9880CDA367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DEAC3D6-F9F8-4F82-9BF1-FF0EC07A3274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7694638C-CDAC-44DF-B9F9-F7237CD98017",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "23903A3C-1760-4836-BAE6-BDD32CBB4CBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2477E033-D26B-4D71-839B-5FE4B0927559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1CAB7BF-265E-411D-A584-E78DE171F065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E45F670-232F-4CE5-8926-6463E5619506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B70E6E3-15B3-4D48-AE49-B9184A58EECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5BCE3FD-B89B-4141-8103-9DB941AD60D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EADFB3B-738F-4919-B165-9ECEED46EA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23A5431-E599-4848-AB83-B299898F5EF0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03D3F84F-3F6E-4DF1-B162-152293D951EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A18121C3-F3F1-4EC7-A64E-3F6A0C9788C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD59912-7325-4AE1-ACCF-D4F804AF3947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "62783157-E3B6-4A23-8D2F-1FBD0762E9A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "14CC0D53-8AB8-4D44-82BB-0E6A974C36AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91A3129F-17A6-4F32-BD5D-34E4A1D1A840",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2845FF4-2620-4B8D-96CF-CC26B3DEA3C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7CD279-54B6-4F6B-AE14-299FB319C690",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EA269CA-4676-4008-89EF-20FAB89886A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D22105B6-1378-4E1C-B28A-FCAE00A2D5CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "601762D3-1188-4945-931D-EB8DAC2847A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA4A30A6-498C-46B8-8EFC-45EB13354EAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "414CC00A-C797-4C34-8709-75DC061DCDE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4401B967-0550-44F1-8753-9632120D2A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4961693D-F56C-46CD-B721-6A15E2837C17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA4FBB66-CF6A-42D2-B122-1861F4139E75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block."
    },
    {
      "lang": "es",
      "value": "La clase com.ibm.CORBA.iiop.ClientDelegate en IBM Java 1.4.2 en vesiones anteriores a 1.4.2 SR13-FP18, 5.0 en vesiones anteriores a 5.0 SR16-FP3, 6 en vesiones anteriores a 6 SR14, 6.0.1 en vesiones anteriores a 6.0.1 SR6 y 7 en vesiones anteriores a 7 SR5 expone de manera incorrecta el m\u00e9todo invocado de la clase java.lang.reflect.Method, lo que permite a atacantes remotos hacer llamar a setSecurityManager y eludir un mecanismo de protecci\u00f3n de sandbox a trav\u00e9s de vectores relacionados con el bloque AccessController doPrivileged."
    }
  ],
  "id": "CVE-2013-3009",
  "lastModified": "2024-11-21T01:52:49.767",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-07-23T11:03:19.693",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://seclists.org/fulldisclosure/2016/Apr/20"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://seclists.org/fulldisclosure/2016/Apr/3"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54154"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV44792"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IX90118"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM91727"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.security-explorations.com/materials/SE-2012-01-IBM-2.pdf"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84150"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2016/Apr/20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2016/Apr/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV44792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IX90118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM91727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.security-explorations.com/materials/SE-2012-01-IBM-2.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84150"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

