Unspecified vulnerability in the Java Naming and Directory Interface (JNDI)
component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update
25, and 1.4.2_27 allows remote attackers to affect confidentiality via
unknown vectors. NOTE: the previous information was obtained from the
October 2010 CPU. Oracle has not commented on claims from a reliable
downstream vendor that this allows remote attackers to determine internal
IP addresses or “otherwise-protected internal network names.”
Notes
Author |
Note |
sbeattie |
red hat description: Information leak flaw in the Java Naming and Directory Interface (JNDI) could allow a remote attacker to access information about otherwise-protected internal network names. |