It was reported that the IBM fix for the issue 67 from this document http://www.security-explorations.com/materials/SE-2012-01-IBM-2.pdf didn't address the problem properly. References: http://seclists.org/fulldisclosure/2016/Apr/3 Full report: http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf
Issue 67 was previously tracked via bug 985501. However, as noted in bug 985501 comment 2, there is no public information allowing to map between Security Explorations' issue numbers and CVE ids mentioned in the bug report.
(In reply to Tomas Hoger from comment #1) > Issue 67 was previously tracked via bug 985501. However, as noted in bug > 985501 comment 2, there is no public information allowing to map between > Security Explorations' issue numbers and CVE ids mentioned in the bug report. The original reporter indicated that the CVE-2013-3009 was assigned to the Issue 67: http://seclists.org/fulldisclosure/2016/Apr/20
This issue is listed as fixed in IBM JDK 6 SR16-FP25, 7 SR9-FP40, 7R1 SR3-FP40, and 8 SR3: http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016 IBM flaw description: CVEID: CVE-2016-0363 DESCRIPTION: IBM SDK, Java Technology Edition contains a vulnerability in the IBM ORB implementation that may allow untrusted code running under a security manager to elevate its privileges. This vulnerability was originally reported as CVE-2013-3009. CVSS Base Score: 8.1 CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) http://www-01.ibm.com/support/docview.wss?uid=swg21980826
External Reference: http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Red Hat Enterprise Linux 6 Supplementary Via RHSA-2016:0701 https://rhn.redhat.com/errata/RHSA-2016-0701.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Supplementary Via RHSA-2016:0702 https://rhn.redhat.com/errata/RHSA-2016-0702.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Red Hat Enterprise Linux 5 Supplementary Via RHSA-2016:0708 https://rhn.redhat.com/errata/RHSA-2016-0708.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2016:0716 https://rhn.redhat.com/errata/RHSA-2016-0716.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2016:1039 https://rhn.redhat.com/errata/RHSA-2016-1039.html
This issue has been addressed in the following products: Red Hat Satellite 5.6 Red Hat Satellite 5.7 Via RHSA-2016:1430 https://access.redhat.com/errata/RHSA-2016:1430
This issue has been addressed in the following products: Red Hat Satellite 5.6 Red Hat Satellite 5.7 Via RHSA-2017:1216 https://access.redhat.com/errata/RHSA-2017:1216