First published: Fri Jul 12 2013(Updated: )
The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9 | 1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9 |
redhat/java | <1.7.0-ibm-1:1.7.0.5.0-1jpp.2.el5_9 | 1.7.0-ibm-1:1.7.0.5.0-1jpp.2.el5_9 |
redhat/java | <1.5.0-ibm-1:1.5.0.16.3-1jpp.1.el5_9 | 1.5.0-ibm-1:1.5.0.16.3-1jpp.1.el5_9 |
redhat/java | <1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4 | 1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4 |
redhat/java | <1.7.0-ibm-1:1.7.0.5.0-1jpp.2.el6_4 | 1.7.0-ibm-1:1.7.0.5.0-1jpp.2.el6_4 |
redhat/java | <1.5.0-ibm-1:1.5.0.16.3-1jpp.1.el6_4 | 1.5.0-ibm-1:1.5.0.16.3-1jpp.1.el6_4 |
IBM Java | =1.4.2 | |
IBM Java | =1.4.2.13 | |
IBM Java | =1.4.2.13.1 | |
IBM Java | =1.4.2.13.2 | |
IBM Java | =1.4.2.13.3 | |
IBM Java | =1.4.2.13.4 | |
IBM Java | =1.4.2.13.5 | |
IBM Java | =1.4.2.13.6 | |
IBM Java | =1.4.2.13.7 | |
IBM Java | =1.4.2.13.8 | |
IBM Java | =1.4.2.13.9 | |
IBM Java | =1.4.2.13.10 | |
IBM Java | =1.4.2.13.11 | |
IBM Java | =1.4.2.13.12 | |
IBM Java | =1.4.2.13.13 | |
IBM Java | =1.4.2.13.14 | |
IBM Java | =1.4.2.13.15 | |
IBM Java | =1.4.2.13.16 | |
IBM Java | =1.4.2.13.17 | |
IBM Java | =7.0.0.0 | |
IBM Java | =7.0.1.0 | |
IBM Java | =7.0.2.0 | |
IBM Java | =7.0.3.0 | |
IBM Java | =7.0.4.0 | |
IBM Java | =7.0.4.1 | |
IBM Java | =7.0.4.2 | |
IBM Java | =6.0.0.0 | |
IBM Java | =6.0.1.0 | |
IBM Java | =6.0.2.0 | |
IBM Java | =6.0.3.0 | |
IBM Java | =6.0.4.0 | |
IBM Java | =6.0.5.0 | |
IBM Java | =6.0.6.0 | |
IBM Java | =6.0.7.0 | |
IBM Java | =6.0.8.0 | |
IBM Java | =6.0.8.1 | |
IBM Java | =6.0.9.0 | |
IBM Java | =6.0.9.1 | |
IBM Java | =6.0.9.2 | |
IBM Java | =6.0.10.0 | |
IBM Java | =6.0.10.1 | |
IBM Java | =6.0.11.0 | |
IBM Java | =6.0.12.0 | |
IBM Java | =6.0.13.0 | |
IBM Java | =6.0.13.1 | |
IBM Java | =6.0.13.2 | |
IBM Java | =5.0.0.0 | |
IBM Java | =5.0.11.0 | |
IBM Java | =5.0.11.1 | |
IBM Java | =5.0.11.2 | |
IBM Java | =5.0.12.0 | |
IBM Java | =5.0.12.1 | |
IBM Java | =5.0.12.2 | |
IBM Java | =5.0.12.3 | |
IBM Java | =5.0.12.4 | |
IBM Java | =5.0.12.5 | |
IBM Java | =5.0.13.0 | |
IBM Java | =5.0.14.0 | |
IBM Java | =5.0.15.0 | |
IBM Java | =5.0.16.0 | |
IBM Java | =5.0.16.1 | |
IBM Java | =5.0.16.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)