[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253164

 
 

909

 
 

197077

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-2035Date: (C)2013-08-30   (M)2023-12-22


Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.4
Exploit Score: 3.4
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1029431
SECUNIA-53415
SECUNIA-54108
SECUNIA-57915
OSVDB-93411
RHSA-2013:1029
RHSA-2013:1784
RHSA-2013:1785
RHSA-2013:1786
RHSA-2014:0029
RHSA-2014:0245
RHSA-2014:0254
RHSA-2014:0400
RHSA-2015:0034
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2035
https://github.com/fusesource/hawtjni/commit/92c266170ce98edc200c656bd034a237098b8aa5
https://github.com/jline/jline2/issues/85
https://github.com/jruby/jruby/issues/732

CPE    7
cpe:/a:redhat:hawtjni:1.1
cpe:/a:redhat:hawtjni:1.0
cpe:/a:redhat:hawtjni:1.6
cpe:/a:redhat:hawtjni:1.3
...
CWE    1
CWE-94

© SecPod Technologies