Back to search
CVE-2013-3009
Published: Jul 23, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2013:1060
vendor-advisory
x_refsource_REDHAT
SUSE-SU-2013:1264
vendor-advisory
x_refsource_SUSE
SUSE-SU-2013:1257
vendor-advisory
x_refsource_SUSE
SUSE-SU-2013:1256
vendor-advisory
x_refsource_SUSE
54154
third-party-advisory
x_refsource_SECUNIA
IV44792
vendor-advisory
x_refsource_AIXAPAR
SUSE-SU-2013:1263
vendor-advisory
x_refsource_SUSE
RHSA-2013:1059
vendor-advisory
x_refsource_REDHAT
ibm-java-cve20133009(84150)
vdb-entry
x_refsource_XF
20160405 Re: [SE-2012-01] Broken security fix in IBM Java 7/8
mailing-list
x_refsource_FULLDISC
http://www-01.ibm.com/support/docview.wss?uid=swg21644197
x_refsource_CONFIRM
IX90118
vendor-advisory
x_refsource_AIXAPAR
SUSE-SU-2013:1293
vendor-advisory
x_refsource_SUSE
RHSA-2013:1081
vendor-advisory
x_refsource_REDHAT
20160404 [SE-2012-01] Broken security fix in IBM Java 7/8
mailing-list
x_refsource_FULLDISC
SUSE-SU-2013:1255
vendor-advisory
x_refsource_SUSE
PM91727
vendor-advisory
x_refsource_AIXAPAR
http://www-01.ibm.com/support/docview.wss?uid=swg21642336
x_refsource_CONFIRM
SUSE-SU-2013:1305
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now