CVE-2013-3009

Table of Contents

Impact:
Important
Public Date:
2013-07-12
Bugzilla:
985501: CVE-2013-3006 CVE-2013-3007 CVE-2013-3008 CVE-2013-3009 CVE-2013-3010 CVE-2013-3011 CVE-2013-3012 IBM JDK: Unspecified security fixes (July 2013)

The MITRE CVE dictionary describes this issue as:

The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block.

Find out more about CVE-2013-3009 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 6.8
Base Metrics AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-ibm) RHSA-2013:1060 2013-07-15
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.5.0-ibm) RHSA-2013:1081 2013-07-16
Red Hat Enterprise Linux Supplementary 5 (java-1.5.0-ibm) RHSA-2013:1081 2013-07-16
Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-ibm) RHSA-2013:1060 2013-07-15
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) RHSA-2013:1059 2013-07-15
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) RHSA-2013:1059 2013-07-15
Last Modified

CVE description copyright © 2017, The MITRE Corporation