PT-2013-2325 · Oracle+4 · Java Se+6

Stefan Cornelius · Published 2013-02-01 · Updated 2024-06-15 · CVE-2013-0429

CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Java SE versions 5.0 through Update 38
Java SE versions 6 through Update 38
Java SE versions 7 through Update 11
OpenJDK versions 6 and 7

Description

The issue affects confidentiality, integrity, and availability via vectors related to CORBA. It is claimed that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions.

Recommendations

For Java SE versions 5.0 through Update 38, update to a version later than Update 38 to resolve the issue.
For Java SE versions 6 through Update 38, update to a version later than Update 38 to resolve the issue.
For Java SE versions 7 through Update 11, update to a version later than Update 11 to resolve the issue.
For OpenJDK versions 6 and 7, consider disabling the CORBA component as a temporary workaround until a patch is available.


Related Identifiers

CESA-2013_0245
CESA-2013_0247
CVE-2013-0429
HPSBUX02857
HPSBUX02864
OPENSUSE-SU-2013_0308-1
OPENSUSE-SU-2013_0312-1
OPENSUSE-SU-2013_0377-1
OPENSUSE-SU-2024:10534-1
RHSA-2013:0236
RHSA-2013:0237
RHSA-2013:0245
RHSA-2013:0246
RHSA-2013:0247
RHSA-2013_0236
RHSA-2013_0237
RHSA-2013_0245
RHSA-2013_0246
RHSA-2013_0247

Affected Products

CentOS
HP-UX
Java Platform
Java SE
OpenJDK
Red Hat
SUSE