CVE-2013-5456 | Vulnerability Database | Aqua Security

The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block.

Affected Software

Name	Vendor	Start Version	End Version
Java	Ibm	7.0.0.0 (including)	7.0.0.0 (including)
Supplementary for Red Hat Enterprise Linux 5	RedHat	java-1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el5_10	*
Supplementary for Red Hat Enterprise Linux 6	RedHat	java-1.7.0-ibm-1:1.7.0.6.0-1jpp.1.el6_4	*

References

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
http://rhn.redhat.com/errata/RHSA-2013-1507.html
http://secunia.com/advisories/56338
http://www-01.ibm.com/support/docview.wss?uid=swg1IV51329
http://www-01.ibm.com/support/docview.wss?uid=swg21655201
http://www-01.ibm.com/support/docview.wss?uid=swg21655202
http://www.security-explorations.com/materials/SE-2012-01-IBM-3.pdf
http://www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/88255
https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
http://rhn.redhat.com/errata/RHSA-2013-1507.html
http://secunia.com/advisories/56338
http://www-01.ibm.com/support/docview.wss?uid=swg1IV51329
http://www-01.ibm.com/support/docview.wss?uid=swg21655201
http://www-01.ibm.com/support/docview.wss?uid=swg21655202
http://www.security-explorations.com/materials/SE-2012-01-IBM-3.pdf
http://www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/88255
https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-5456
CWE	https://cwe.mitre.org/data/definitions/.html