QwikSec

Security Database

CVE

CWE

Training

CVE-2013-5456

Published: Nov 24, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_AIXAPAR

ibm-java-cve20135456-code-exec(88255)

vdb-entry

x_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21655202

x_refsource_CONFIRM

SUSE-SU-2013:1677

vendor-advisory

x_refsource_SUSE

http://www-01.ibm.com/support/docview.wss?uid=swg21655201

x_refsource_CONFIRM

http://www.security-explorations.com/materials/SE-2012-01-IBM-3.pdf

x_refsource_MISC

https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

http://www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.