- Vulnerability/
- REDHAT-BUG-1027748
REDHAT-BUG-1027748
First published: Thu Nov 07 2013(Updated: )
An unspecified Java sandbox bypass issue in the ORB component was fixed in IBM JDK 7 SR6. This issue got the following CVSSv2 score upstream: 9.3/AV:N/AC:M/Au:N/C:C/I:C/A:C <a href="https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013">https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013</a> <a href="https://www.ibm.com/developerworks/java/jdk/aix/j732/Java7.fixes.html#SR6">https://www.ibm.com/developerworks/java/jdk/aix/j732/Java7.fixes.html#SR6</a> Further info is available in this WebSphere Real Time security bulletin: <a href="http://www-01.ibm.com/support/docview.wss?uid=swg21655202&myns=swgws&mynp=OCSSSTCZ&mync=R">http://www-01.ibm.com/support/docview.wss?uid=swg21655202&myns=swgws&mynp=OCSSSTCZ&mync=R</a> <a href="https://access.redhat.com/security/cve/CVE-2013-5456">CVE-2013-5456</a>, <a href="https://access.redhat.com/security/cve/CVE-2013-5457">CVE-2013-5457</a> and <a href="https://access.redhat.com/security/cve/CVE-2013-5458">CVE-2013-5458</a> allow code running under a security manager to escalate its privileges by modifying or removing the security manager. Additional details may become available under this X-Force database article: <a href="http://xforce.iss.net/xforce/xfdb/88255">http://xforce.iss.net/xforce/xfdb/88255</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM JDK |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013
- https://www.ibm.com/developerworks/java/jdk/aix/j732/Java7.fixes.html#SR6
- http://www-01.ibm.com/support/docview.wss?uid=swg21655202&myns=swgws&mynp=OCSSSTCZ&mync=R
- https://access.redhat.com/security/cve/CVE-2013-5456
- https://access.redhat.com/security/cve/CVE-2013-5457
- https://access.redhat.com/security/cve/CVE-2013-5458
- http://xforce.iss.net/xforce/xfdb/88255
- https://rhn.redhat.com/errata/RHSA-2013-1507.html
- http://www.security-explorations.com/materials/SE-2012-01-IBM-3.pdf
- http://www.security-explorations.com/materials/se-2012-01-70.71.zip
- http://seclists.org/fulldisclosure/2016/Apr/43
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1330986
- https://bugzilla.redhat.com/show_bug.cgi?id=1027748
Frequently Asked Questions
What is the severity of REDHAT-BUG-1027748?
The severity of REDHAT-BUG-1027748 is rated at 9.3 on the CVSSv2 scale, indicating a critical vulnerability.
How do I fix REDHAT-BUG-1027748?
To fix REDHAT-BUG-1027748, upgrade to IBM JDK 7 SR6 or later versions that contain the patch.
What component is affected by REDHAT-BUG-1027748?
The ORB component of the Java environment is affected by REDHAT-BUG-1027748.
Is authentication required to exploit REDHAT-BUG-1027748?
No, authentication is not required to exploit REDHAT-BUG-1027748.
What types of data are vulnerable due to REDHAT-BUG-1027748?
Confidentiality, integrity, and availability of data are at risk due to REDHAT-BUG-1027748.
- collector/redhat-bugzilla
- alias/CVE-2013-5456
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm jdk