← voltar
CVE-2013-3009

CVE-2013-3009

EPSS 4.4%
The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1059.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1060.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1081.htmlhttp://seclists.org/fulldisclosure/2016/Apr/20http://seclists.org/fulldisclosure/2016/Apr/3