Veracode Vulnerability DatabaseVERACODE:16890Sandbox Restrictions Bypass
0.027 Low
EPSS
Percentile
90.5%
java is vulnerable to sandbox restrictions bypass. The invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block allows remote attackers to call setSecurityManager to bypass the sandbox restrictions.
References
lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html
lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html
rhn.redhat.com/errata/RHSA-2016-0701.html
rhn.redhat.com/errata/RHSA-2016-0702.html
rhn.redhat.com/errata/RHSA-2016-0708.html
rhn.redhat.com/errata/RHSA-2016-0716.html
rhn.redhat.com/errata/RHSA-2016-1039.html
seclists.org/fulldisclosure/2016/Apr/20
seclists.org/fulldisclosure/2016/Apr/3
www-01.ibm.com/support/docview.wss?uid=swg1IX90172
www-01.ibm.com/support/docview.wss?uid=swg21980826
www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf
www.securityfocus.com/bid/85895
www.securitytracker.com/id/1035953
access.redhat.com/errata/RHSA-2016:1430
access.redhat.com/errata/RHSA-2017:1216
access.redhat.com/security/updates/classification/#critical
rhn.redhat.com/errata/RHSA-2016-0708.html
www.ibm.com/developerworks/java/jdk/alerts/
Related
