Vulnerability Description
Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Hawtjni | <= 1.7 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2013-1029.html
- http://rhn.redhat.com/errata/RHSA-2013-1784.html
- http://rhn.redhat.com/errata/RHSA-2013-1785.html
- http://rhn.redhat.com/errata/RHSA-2013-1786.html
- http://rhn.redhat.com/errata/RHSA-2014-0029.html
- http://rhn.redhat.com/errata/RHSA-2014-0245.html
- http://rhn.redhat.com/errata/RHSA-2014-0254.html
- http://rhn.redhat.com/errata/RHSA-2014-0400.html
- http://rhn.redhat.com/errata/RHSA-2015-0034.html
- http://secunia.com/advisories/53415
- http://secunia.com/advisories/54108
- http://secunia.com/advisories/57915
- http://www.osvdb.org/93411
- http://www.securitytracker.com/id/1029431
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2035
FAQ
What is CVE-2013-2035?
CVE-2013-2035 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary ...
How severe is CVE-2013-2035?
CVE-2013-2035 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2035?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Hawtjni.