First published: Tue Nov 05 2013

An unspecified Java sandbox bypass issue in the XML component was fixed in IBM JDK 7 SR6. This issue got the following CVSSv2 score upstream: 9.3/AV:N/AC:M/Au:N/C:C/I:C/A:C

https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013

https://www.ibm.com/developerworks/java/jdk/aix/j732/Java7.fixes.html#SR6

Further info is available in this WebSphere Real Time security bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21655202&myns=swgws&mynp=OCSSSTCZ&mync=R

[CVE-2013-5456](https://access.redhat.com/security/cve/CVE-2013-5456), [CVE-2013-5457](https://access.redhat.com/security/cve/CVE-2013-5457) and [CVE-2013-5458](https://access.redhat.com/security/cve/CVE-2013-5458) allow code running under a security manager to escalate its privileges by modifying or removing the security manager.

Additional details may become available under this X-Force database article: http://xforce.iss.net/xforce/xfdb/88257

Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el5_10 | 1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el5_10 |
redhat/java | <1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el6_4 | 1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el6_4 |
IBM Java | =7.0.0.0 | |