Sandbox Restrictions Bypass

2019-01-1508:56:26

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

openjdk is vulnerable to sandbox restrictions bypass. Improper permission checks allow an untrusted Java application or applet to bypass Java sandbox restrictions and perform unauthorized actions.

CPENameOperatorVersion
java-1.7.0-openjdkeq1.7.0.51__2.4.4.1.el6_5
java-1.7.0-openjdkeq1.7.0.45__2.4.3.2.el6_4
java-1.7.0-openjdkeq1.7.0.55__2.4.7.1.el6_5
java-1.7.0-openjdkeq1.7.0.9__2.3.5.3.el6_3
java-1.7.0-openjdkeq1.7.0.55__2.4.7.1.el5_10
java-1.7.0-openjdkeq1.7.0.9__2.3.3.2.el6_3
java-1.7.0-openjdkeq1.7.0.45__2.4.3.4.el6_5
java-1.7.0-openjdkeq1.7.0.9__2.3.7.1.el5_9
java-1.7.0-openjdkeq1.7.0.45__2.4.3.3.el6
java-1.7.0-openjdkeq1.7.0.9__2.3.8.0.el5_9

Name	Operator	Version
java-1.7.0-openjdk	eq	1.7.0.51__2.4.4.1.el6_5
java-1.7.0-openjdk	eq	1.7.0.45__2.4.3.2.el6_4
java-1.7.0-openjdk	eq	1.7.0.55__2.4.7.1.el6_5
java-1.7.0-openjdk	eq	1.7.0.9__2.3.5.3.el6_3
java-1.7.0-openjdk	eq	1.7.0.55__2.4.7.1.el5_10
java-1.7.0-openjdk	eq	1.7.0.9__2.3.3.2.el6_3
java-1.7.0-openjdk	eq	1.7.0.45__2.4.3.4.el6_5
java-1.7.0-openjdk	eq	1.7.0.9__2.3.7.1.el5_9
java-1.7.0-openjdk	eq	1.7.0.45__2.4.3.3.el6
java-1.7.0-openjdk	eq	1.7.0.9__2.3.8.0.el5_9