Описание
The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | java-1.5.0-ibm | Not affected | ||
| Red Hat Enterprise Linux 5 | java-1.6.0-ibm | Not affected | ||
| Red Hat Enterprise Linux 6 | java-1.5.0-ibm | Not affected | ||
| Red Hat Enterprise Linux 6 | java-1.6.0-ibm | Not affected | ||
| Supplementary for Red Hat Enterprise Linux 5 | java-1.7.0-ibm | Fixed | RHSA-2013:1507 | 07.11.2013 |
| Supplementary for Red Hat Enterprise Linux 6 | java-1.7.0-ibm | Fixed | RHSA-2013:1507 | 07.11.2013 |
Показывать по
Дополнительная информация
Статус:
6.8 Medium
CVSS2
Связанные уязвимости
The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block.
The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block.
6.8 Medium
CVSS2