Описание
The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block.
The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2013-5456
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88255
- https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
- http://rhn.redhat.com/errata/RHSA-2013-1507.html
- http://secunia.com/advisories/56338
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV51329
- http://www-01.ibm.com/support/docview.wss?uid=swg21655201
- http://www-01.ibm.com/support/docview.wss?uid=swg21655202
- http://www.security-explorations.com/materials/SE-2012-01-IBM-3.pdf
- http://www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf
EPSS
CVE ID
Связанные уязвимости
The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block.
The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block.
EPSS