Juniper Networks

Signature Detail


Short Name

HTTP:STC:JAVA:IBM-RMI-PROXY-RCE

Severity

High

Recommended

No

Recommended Action

Drop

Category

HTTP

Keywords

IBM Java package com.ibm.rmi.util.ProxyUtil Remote Code Execution

Release Date

2013/02/17

Update Number

2234

Supported Platforms

idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: IBM Java package com.ibm.rmi.util.ProxyUtil Remote Code Execution


This signature detects attempts to exploit a known flaw in the IBM Java "com.ibm.rmi.util.ProxyUtil" package. A successful attack can lead to arbitrary code execution.

Extended Description

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Delivery Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method."

Affected Products

  • ibm java 1.4.2
  • ibm java 1.4.2.13
  • ibm java 1.4.2.13.1
  • ibm java 1.4.2.13.10
  • ibm java 1.4.2.13.11
  • ibm java 1.4.2.13.12
  • ibm java 1.4.2.13.2
  • ibm java 1.4.2.13.3
  • ibm java 1.4.2.13.4
  • ibm java 1.4.2.13.5
  • ibm java 1.4.2.13.6
  • ibm java 1.4.2.13.7
  • ibm java 1.4.2.13.8
  • ibm java 1.4.2.13.9
  • ibm java 5.0.0.0
  • ibm java 5.0.11.1
  • ibm java 5.0.11.2
  • ibm java 5.0.12.0
  • ibm java 5.0.12.1
  • ibm java 5.0.12.2
  • ibm java 5.0.12.3
  • ibm java 5.0.12.4
  • ibm java 5.0.12.5
  • ibm java 5.0.13.0
  • ibm java 6.0.0.0
  • ibm java 6.0.1.0
  • ibm java 6.0.10.0
  • ibm java 6.0.10.1
  • ibm java 6.0.2.0
  • ibm java 6.0.7.0
  • ibm java 6.0.8.0
  • ibm java 6.0.8.1
  • ibm java 6.0.9.0
  • ibm java 6.0.9.1
  • ibm java 6.0.9.2
  • ibm java 7.0.0.0
  • ibm java 7.0.1.0
  • ibm java 7.0.3.0
  • ibm java up to 1.4.2.13.13
  • ibm java up to 5.0.14.0
  • ibm java up to 6.0.11.0
  • ibm java up to 6.0.3.0
  • ibm java up to 7.0.2.0
  • ibm lotus_domino 8.0
  • ibm lotus_domino 8.0.1
  • ibm lotus_domino 8.0.2
  • ibm lotus_domino 8.0.2.1
  • ibm lotus_domino 8.0.2.2
  • ibm lotus_domino 8.0.2.3
  • ibm lotus_domino 8.0.2.4
  • ibm lotus_domino 8.5.0
  • ibm lotus_domino 8.5.0.1
  • ibm lotus_domino 8.5.1
  • ibm lotus_domino 8.5.1.1
  • ibm lotus_domino 8.5.1.2
  • ibm lotus_domino 8.5.1.3
  • ibm lotus_domino 8.5.1.4
  • ibm lotus_domino 8.5.1.5
  • ibm lotus_domino 8.5.2.0
  • ibm lotus_domino 8.5.2.1
  • ibm lotus_domino 8.5.2.2
  • ibm lotus_domino 8.5.2.3
  • ibm lotus_domino 8.5.2.4
  • ibm lotus_domino 8.5.3.0
  • ibm lotus_domino 8.5.3.1
  • ibm lotus_domino 8.5.3.2
  • ibm lotus_notes 8.0
  • ibm lotus_notes 8.0.0
  • ibm lotus_notes 8.0.1
  • ibm lotus_notes 8.0.2
  • ibm lotus_notes 8.0.2.0
  • ibm lotus_notes 8.0.2.1
  • ibm lotus_notes 8.0.2.2
  • ibm lotus_notes 8.0.2.3
  • ibm lotus_notes 8.0.2.4
  • ibm lotus_notes 8.0.2.5
  • ibm lotus_notes 8.0.2.6
  • ibm lotus_notes 8.5
  • ibm lotus_notes 8.5.0.0
  • ibm lotus_notes 8.5.0.1
  • ibm lotus_notes 8.5.1
  • ibm lotus_notes 8.5.1.0
  • ibm lotus_notes 8.5.1.1
  • ibm lotus_notes 8.5.1.2
  • ibm lotus_notes 8.5.1.3
  • ibm lotus_notes 8.5.1.4
  • ibm lotus_notes 8.5.1.5
  • ibm lotus_notes 8.5.2.0
  • ibm lotus_notes 8.5.2.1
  • ibm lotus_notes 8.5.2.2
  • ibm lotus_notes 8.5.2.3
  • ibm lotus_notes 8.5.3
  • ibm lotus_notes 8.5.3.1
  • ibm lotus_notes 8.5.3.2
  • ibm lotus_notes 8.5.4
  • ibm lotus_notes_sametime 8.0.80407
  • ibm lotus_notes_sametime 8.0.80822
  • ibm lotus_notes_sametime 8.5.1.20100709-1631 (advanced_embedded)
  • ibm lotus_notes_traveler 8.0
  • ibm lotus_notes_traveler 8.0.1
  • ibm lotus_notes_traveler 8.0.1.2
  • ibm lotus_notes_traveler 8.0.1.3
  • ibm lotus_notes_traveler 8.5.0.0
  • ibm lotus_notes_traveler 8.5.0.1
  • ibm lotus_notes_traveler 8.5.0.2
  • ibm lotus_notes_traveler 8.5.1.1
  • ibm lotus_notes_traveler 8.5.1.2
  • ibm lotus_notes_traveler 8.5.1.3
  • ibm lotus_notes_traveler 8.5.2.1
  • ibm lotus_notes_traveler 8.5.3
  • ibm lotus_notes_traveler 8.5.3.1
  • ibm lotus_notes_traveler 8.5.3.2
  • ibm lotus_notes_traveler 8.5.3.3 (interim_fix_1)
  • ibm rational_change 4.7
  • ibm rational_change 5.1
  • ibm rational_change 5.2
  • ibm rational_change 5.3
  • ibm rational_host_on-demand 10.0.10.0
  • ibm rational_host_on-demand 10.0.9.0
  • ibm rational_host_on-demand 11.0.3.0
  • ibm rational_host_on-demand 11.0.4.0
  • ibm rational_host_on-demand 11.0.5.0
  • ibm rational_host_on-demand 11.0.5.1
  • ibm rational_host_on-demand 11.0.6.0
  • ibm rational_host_on-demand 11.0.6.1
  • ibm rational_host_on-demand 1.6.0.12
  • ibm rational_host_on-demand 8.0.8.0
  • ibm rational_host_on-demand 9.0.8.0
  • ibm service_delivery_manager 7.2.1.0
  • ibm service_delivery_manager 7.2.2.0
  • ibm smart_analytics_system_5600 7200
  • ibm smart_analytics_system_5600_software -
  • ibm smart_analytics_system_5600_software 9.7
  • ibm tivoli_monitoring 6.1.0
  • ibm tivoli_monitoring 6.1.0.7
  • ibm tivoli_monitoring 6.2.0
  • ibm tivoli_monitoring 6.2.0.1
  • ibm tivoli_monitoring 6.2.0.2
  • ibm tivoli_monitoring 6.2.0.3
  • ibm tivoli_monitoring 6.2.1
  • ibm tivoli_monitoring 6.2.1.0
  • ibm tivoli_monitoring 6.2.1.1
  • ibm tivoli_monitoring 6.2.1.2
  • ibm tivoli_monitoring 6.2.1.3
  • ibm tivoli_monitoring 6.2.1.4
  • ibm tivoli_monitoring 6.2.2
  • ibm tivoli_monitoring 6.2.2.0
  • ibm tivoli_monitoring 6.2.2.1
  • ibm tivoli_monitoring 6.2.2.2
  • ibm tivoli_monitoring 6.2.2.3
  • ibm tivoli_monitoring 6.2.2.4
  • ibm tivoli_monitoring 6.2.2.5
  • ibm tivoli_monitoring 6.2.2.6
  • ibm tivoli_monitoring 6.2.2.7
  • ibm tivoli_monitoring 6.2.2.8
  • ibm tivoli_monitoring 6.2.2.9
  • ibm tivoli_monitoring 6.2.3
  • ibm tivoli_monitoring 6.2.3.0
  • ibm tivoli_monitoring 6.2.3.1
  • ibm tivoli_monitoring 6.2.3.2
  • ibm tivoli_remote_control 5.1.2
  • ibm websphere_real_time 2.0
  • ibm websphere_real_time 3.0
  • tivoli_storage_productivity_center 5.0
  • tivoli_storage_productivity_center 5.1
  • tivoli_storage_productivity_center 5.1.1

References

  • BugTraq: 55495
  • CVE: CVE-2012-4820

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.