FKIE_CVE-2013-3009

Vulnerability from fkie_nvd - Published: 2013-07-23 11:03 - Updated: 2025-04-11 00:51
Summary
The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block.
References
psirt@us.ibm.com http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
psirt@us.ibm.com http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
psirt@us.ibm.com http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
psirt@us.ibm.com http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
psirt@us.ibm.com http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html
psirt@us.ibm.com http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
psirt@us.ibm.com http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
psirt@us.ibm.com http://rhn.redhat.com/errata/RHSA-2013-1059.html
psirt@us.ibm.com http://rhn.redhat.com/errata/RHSA-2013-1060.html
psirt@us.ibm.com http://rhn.redhat.com/errata/RHSA-2013-1081.html
psirt@us.ibm.com http://seclists.org/fulldisclosure/2016/Apr/20
psirt@us.ibm.com http://seclists.org/fulldisclosure/2016/Apr/3
psirt@us.ibm.com http://secunia.com/advisories/54154 Vendor Advisory
psirt@us.ibm.com http://www-01.ibm.com/support/docview.wss?uid=swg1IV44792
psirt@us.ibm.com http://www-01.ibm.com/support/docview.wss?uid=swg1IX90118
psirt@us.ibm.com http://www-01.ibm.com/support/docview.wss?uid=swg1PM91727
psirt@us.ibm.com http://www-01.ibm.com/support/docview.wss?uid=swg21642336 Vendor Advisory
psirt@us.ibm.com http://www-01.ibm.com/support/docview.wss?uid=swg21644197 Vendor Advisory
psirt@us.ibm.com http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013 Vendor Advisory
psirt@us.ibm.com http://www.security-explorations.com/materials/SE-2012-01-IBM-2.pdf
psirt@us.ibm.com http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf
psirt@us.ibm.com https://exchange.xforce.ibmcloud.com/vulnerabilities/84150
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2013-1059.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2013-1060.html
af854a3a-2127-422b-91ae-364da2661108 http://rhn.redhat.com/errata/RHSA-2013-1081.html
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/fulldisclosure/2016/Apr/20
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/fulldisclosure/2016/Apr/3
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/54154 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www-01.ibm.com/support/docview.wss?uid=swg1IV44792
af854a3a-2127-422b-91ae-364da2661108 http://www-01.ibm.com/support/docview.wss?uid=swg1IX90118
af854a3a-2127-422b-91ae-364da2661108 http://www-01.ibm.com/support/docview.wss?uid=swg1PM91727
af854a3a-2127-422b-91ae-364da2661108 http://www-01.ibm.com/support/docview.wss?uid=swg21642336 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www-01.ibm.com/support/docview.wss?uid=swg21644197 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.security-explorations.com/materials/SE-2012-01-IBM-2.pdf
af854a3a-2127-422b-91ae-364da2661108 http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/84150
Impacted products
Vendor Product Version
ibm java 1.4.2
ibm java 1.4.2.13
ibm java 1.4.2.13.1
ibm java 1.4.2.13.2
ibm java 1.4.2.13.3
ibm java 1.4.2.13.4
ibm java 1.4.2.13.5
ibm java 1.4.2.13.6
ibm java 1.4.2.13.7
ibm java 1.4.2.13.8
ibm java 1.4.2.13.9
ibm java 1.4.2.13.10
ibm java 1.4.2.13.11
ibm java 1.4.2.13.12
ibm java 1.4.2.13.13
ibm java 1.4.2.13.14
ibm java 1.4.2.13.15
ibm java 1.4.2.13.16
ibm java 1.4.2.13.17
ibm java 7.0.0.0
ibm java 7.0.1.0
ibm java 7.0.2.0
ibm java 7.0.3.0
ibm java 7.0.4.0
ibm java 7.0.4.1
ibm java 7.0.4.2
ibm java 6.0.0.0
ibm java 6.0.1.0
ibm java 6.0.2.0
ibm java 6.0.3.0
ibm java 6.0.4.0
ibm java 6.0.5.0
ibm java 6.0.6.0
ibm java 6.0.7.0
ibm java 6.0.8.0
ibm java 6.0.8.1
ibm java 6.0.9.0
ibm java 6.0.9.1
ibm java 6.0.9.2
ibm java 6.0.10.0
ibm java 6.0.10.1
ibm java 6.0.11.0
ibm java 6.0.12.0
ibm java 6.0.13.0
ibm java 6.0.13.1
ibm java 6.0.13.2
ibm java 5.0.0.0
ibm java 5.0.11.0
ibm java 5.0.11.1
ibm java 5.0.11.2
ibm java 5.0.12.0
ibm java 5.0.12.1
ibm java 5.0.12.2
ibm java 5.0.12.3
ibm java 5.0.12.4
ibm java 5.0.12.5
ibm java 5.0.13.0
ibm java 5.0.14.0
ibm java 5.0.15.0
ibm java 5.0.16.0
ibm java 5.0.16.1
ibm java 5.0.16.2

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82F48415-7D29-488D-B0F0-21BBF67A8025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "429E0F9B-63D2-46C1-9BB3-C0B91FC5A0B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D454628-6074-42C5-B2F4-8ABC5597746E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC71A3DD-E08E-41FF-8443-5A75AD9F4FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E09B43A6-87FB-4ECA-B837-469AA63FCED7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "55BD6A1E-8043-43AA-980D-8A277CE3CDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8549B650-7862-4C3B-8F26-8D9EC490000E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "89D960CA-0065-44FE-83C4-F02119FEA7CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F28E80-A2FE-4985-8D02-06E6E10D8186",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E484DE96-7DDE-4B49-B6CF-E4A4F22BDA5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6EA48C2-7EF8-4E2E-A366-DE53B73029F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF5408C-D5CA-4404-9268-D0C26325FDD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6515717B-2DBF-4D91-BA6F-8BD77DE860F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A5E269F-A5F5-40D9-8FF2-8FAAD73AFA32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "95CB9215-CB52-484A-A67A-C7C2CBA8F68D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6944A8CC-B4E5-4F1F-BA71-384D7EE074B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8146AC-57A3-4FB3-A384-DD3B00133E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "5803B80C-3169-45ED-B5C9-095C032778A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:1.4.2.13.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD37B25A-3306-4FD2-84D4-EDDAA3236C12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8BF650-B8F5-467E-8DBF-81788B55F345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1752A831-916F-4A7D-8AAE-1CEFACC51F91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C9744C4-76BE-428B-AFF2-5BCE00A58322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48B1DE45-90F9-416B-9087-8AEF5B0A3C46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EF6A045-0DF6-463B-A0DB-6C31D8C2984C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A731493C-9B46-4105-9902-B15BA0E0FB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:7.0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "49454369-A494-4EAA-88D5-181570DEBB4A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "14AD4A87-382A-41F0-96D8-0F0A9B738773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33701DDF-6882-41D3-A11B-A1F4585A77A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "25C58BBA-06AC-40CD-A906-FD1B3B0AAB69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C5B430-EE11-4674-B4B0-895D66E3B32F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1837D84-6B4F-40D8-9A3F-71C328F659BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D20A369B-2168-4883-A84C-BB48A71AFB33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3628AAB4-E524-46E5-AAF4-1980256F13CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30DC9FE3-CDE9-4F83-989B-4E431BA18B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C17B1C6B-04CE-49FB-B9BD-98ECD626B26F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F529EB-2BCA-4E3E-93E4-2A9880CDA367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DEAC3D6-F9F8-4F82-9BF1-FF0EC07A3274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7694638C-CDAC-44DF-B9F9-F7237CD98017",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "23903A3C-1760-4836-BAE6-BDD32CBB4CBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2477E033-D26B-4D71-839B-5FE4B0927559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1CAB7BF-265E-411D-A584-E78DE171F065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E45F670-232F-4CE5-8926-6463E5619506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B70E6E3-15B3-4D48-AE49-B9184A58EECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5BCE3FD-B89B-4141-8103-9DB941AD60D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EADFB3B-738F-4919-B165-9ECEED46EA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:6.0.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23A5431-E599-4848-AB83-B299898F5EF0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03D3F84F-3F6E-4DF1-B162-152293D951EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A18121C3-F3F1-4EC7-A64E-3F6A0C9788C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD59912-7325-4AE1-ACCF-D4F804AF3947",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "62783157-E3B6-4A23-8D2F-1FBD0762E9A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "14CC0D53-8AB8-4D44-82BB-0E6A974C36AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91A3129F-17A6-4F32-BD5D-34E4A1D1A840",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2845FF4-2620-4B8D-96CF-CC26B3DEA3C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7CD279-54B6-4F6B-AE14-299FB319C690",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EA269CA-4676-4008-89EF-20FAB89886A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D22105B6-1378-4E1C-B28A-FCAE00A2D5CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "601762D3-1188-4945-931D-EB8DAC2847A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA4A30A6-498C-46B8-8EFC-45EB13354EAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "414CC00A-C797-4C34-8709-75DC061DCDE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4401B967-0550-44F1-8753-9632120D2A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4961693D-F56C-46CD-B721-6A15E2837C17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java:5.0.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA4FBB66-CF6A-42D2-B122-1861F4139E75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block."
    },
    {
      "lang": "es",
      "value": "La clase com.ibm.CORBA.iiop.ClientDelegate en IBM Java 1.4.2 en vesiones anteriores a 1.4.2 SR13-FP18, 5.0 en vesiones anteriores a 5.0 SR16-FP3, 6 en vesiones anteriores a 6 SR14, 6.0.1 en vesiones anteriores a 6.0.1 SR6 y 7 en vesiones anteriores a 7 SR5 expone de manera incorrecta el m\u00e9todo invocado de la clase java.lang.reflect.Method, lo que permite a atacantes remotos hacer llamar a setSecurityManager y eludir un mecanismo de protecci\u00f3n de sandbox a trav\u00e9s de vectores relacionados con el bloque AccessController doPrivileged."
    }
  ],
  "id": "CVE-2013-3009",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-07-23T11:03:19.693",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://seclists.org/fulldisclosure/2016/Apr/20"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://seclists.org/fulldisclosure/2016/Apr/3"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54154"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV44792"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IX90118"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM91727"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.security-explorations.com/materials/SE-2012-01-IBM-2.pdf"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84150"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2016/Apr/20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2016/Apr/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV44792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IX90118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM91727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.security-explorations.com/materials/SE-2012-01-IBM-2.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84150"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

