CVE-2013-1537

Name of the Vulnerable Software and Affected Versions Java SE versions 7 Update 17 and earlier Java SE versions 6 Update 43 and earlier Java SE versions 5.0 Update 41 and earlier OpenJDK versions 6 and 7

Description The issue allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. It is reportedly related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform dynamic class downloading and execute arbitrary code.

Recommendations For Java SE versions 7 Update 17 and earlier, update to a version later than Update 17. For Java SE versions 6 Update 43 and earlier, update to a version later than Update 43. For Java SE versions 5.0 Update 41 and earlier, update to a version later than Update 41. For OpenJDK versions 6 and 7, consider disabling the RMI functionality until a patch is available. As a temporary workaround, consider setting java.rmi.server.useCodebaseOnly to true to prevent dynamic class downloading.