Veracode Vulnerability DatabaseVERACODE:16891Sandbox Restrictions Bypass
EPSS
Percentile
94.0%
java is vulnerable to sandbox restrictions bypass. Lack of proper deserialization in an AccessController doPrivileged block allows remote attackers to bypass sandbox restrictions and execute arbitrary code via the readValue method of com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class.
References
lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html
lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html
rhn.redhat.com/errata/RHSA-2016-0701.html
rhn.redhat.com/errata/RHSA-2016-0702.html
rhn.redhat.com/errata/RHSA-2016-0708.html
rhn.redhat.com/errata/RHSA-2016-0716.html
rhn.redhat.com/errata/RHSA-2016-1039.html
seclists.org/fulldisclosure/2016/Apr/43
www-01.ibm.com/support/docview.wss?uid=swg1IX90171
www-01.ibm.com/support/docview.wss?uid=swg21980826
www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf
www.securityfocus.com/archive/1/538066/100/100/threaded
www.securityfocus.com/bid/89192
www.securitytracker.com/id/1035953
access.redhat.com/errata/RHSA-2016:1430
access.redhat.com/errata/RHSA-2017:1216
access.redhat.com/security/updates/classification/#critical
rhn.redhat.com/errata/RHSA-2016-0708.html
www.ibm.com/developerworks/java/jdk/alerts/
Related
