PT-2013-2325 · Oracle +4 · Java SE +6

Stefan Cornelius · Published 2013-02-01 · Updated 2024-06-15 · CVE-2013-0429

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Java SE versions 5.0 through Update 38
Java SE versions 6 through Update 38
Java SE versions 7 through Update 11
OpenJDK versions 6 and 7

Description

The issue affects confidentiality, integrity, and availability via vectors related to CORBA. It is claimed that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions.

Recommendations

For Java SE versions 5.0 through Update 38, update to a version later than Update 38 to resolve the issue.
For Java SE versions 6 through Update 38, update to a version later than Update 38 to resolve the issue.
For Java SE versions 7 through Update 11, update to a version later than Update 11 to resolve the issue.
For OpenJDK versions 6 and 7, consider disabling the CORBA component as a temporary workaround until a patch is available.

Exploit

Fix

Related identifiers

CESA-2013_0245
CESA-2013_0247
CVE-2013-0429
HPSBUX02857
HPSBUX02864
OPENSUSE-SU-2013_0308-1
OPENSUSE-SU-2013_0312-1
OPENSUSE-SU-2013_0377-1
OPENSUSE-SU-2024:10534-1
RHSA-2013:0236
RHSA-2013:0237
RHSA-2013:0245
RHSA-2013:0246
RHSA-2013:0247
RHSA-2013_0236
RHSA-2013_0237
RHSA-2013_0245
RHSA-2013_0246
RHSA-2013_0247

Affected products

CentOS
HP-UX
Java Platform
Java SE
OpenJDK
Red Hat
SUSE