Lucene search
Ben MurphyZDI-13-159HistoryJun 27, 2013 - 12:00 a.m.
Oracle Java ManagedObjectManagerFactory Security Manager Bypass Remote Code Execution Vulnerabillity
2013-06-2700:00:00
Ben Murphy
www.zerodayinitiative.com
14
0.046 Low
EPSS
Percentile
92.6%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the com.sun.org.glassfish.gmbal.ManagedObjectManagerFactor class. The issue lies in the failure to validate permission to access a method during method call. This allows access to methods in classes that would otherwise not be reachable. An attacker can leverage this vulnerability to execute code under the context of the current process.
Related
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 04:45:32
Privilege Escalation
2019-05-02 04:46:31
Information Disclosure
2019-05-02 04:46:29
cvelist
cvelist
cve
cve
prion
prion
Design/Logic Flaw
2013-06-18 22:55:00
Design/Logic Flaw
2013-06-18 22:55:00
Design/Logic Flaw
2013-06-18 22:55:00
nvd
nvd
ubuntucve
ubuntucve
openvas
openvas
Oracle Java SE Multiple Vulnerabilities -03 June 13 (Windows)
2013-06-24 00:00:00
Oracle Java SE Multiple Vulnerabilities -03 (Jun 2013) - Windows
2013-06-24 00:00:00
Oracle: Security Advisory (ELSA-2013-1014)
2015-10-06 00:00:00
ibm
ibm
nessus
nessus
Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2013-1014)
2013-07-12 00:00:00
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64 (20130703)
2013-07-05 00:00:00
Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-207)
2013-09-04 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2013-07-12 15:31:00
Important: java-1.7.0-openjdk
2013-06-20 14:14:00
mageia
mageia
Updated java-1.6.0-openjdk packages fix security vulnerabilities
2013-07-16 11:26:07
Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities
2013-06-26 22:13:26
centos
centos
java security update
2013-07-04 10:07:44
java security update
2013-06-20 06:43:01
java security update
2013-06-20 06:46:44
redhat
redhat
(RHSA-2013:1014) Important: java-1.6.0-openjdk security update
2013-07-03 00:00:00
(RHSA-2013:1081) Important: java-1.5.0-ibm security update
2013-07-16 00:00:00
(RHSA-2013:0957) Critical: java-1.7.0-openjdk security update
2013-06-19 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-07-03 00:00:00
java-1.7.0-openjdk security update
2013-06-19 00:00:00
java-1.7.0-openjdk security update
2013-06-19 00:00:00
suse
suse
Security update for java-1_6_0-openjdk (important)
2013-07-23 22:04:14
Security update for IBMJava5 JRE and IBMJava5 SDK (important)
2013-08-02 23:04:12
Security update for java-1_5_0-ibm (important)
2013-07-30 17:04:11
debian
debian
[SECURITY] [DSA 2727-1] openjdk-6 security update
2013-07-25 21:11:57
[SECURITY] [DSA 2722-1] openjdk-7 security update
2013-07-15 15:52:23
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2013-07-16 00:00:00
IcedTea Web update
2013-07-16 00:00:00
OpenJDK 6 vulnerabilities
2013-07-23 00:00:00
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2013-08-28 00:00:00
gentoo
gentoo
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00