Authentication Bypass

2019-05-0205:03:23

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.

CPENameOperatorVersion
java-1.7.0-openjdkeq1.7.0.51__2.4.4.1.el6_5
java-1.7.0-openjdkeq1.7.0.45__2.4.3.2.el6_4
java-1.7.0-openjdkeq1.7.0.9__2.3.5.3.el6_3
java-1.7.0-openjdkeq1.7.0.55__2.4.7.1.el6_5
java-1.7.0-openjdkeq1.7.0.55__2.4.7.1.el5_10
java-1.7.0-openjdkeq1.7.0.9__2.3.3.2.el6_3
java-1.7.0-openjdkeq1.7.0.45__2.4.3.4.el6_5
java-1.7.0-openjdkeq1.7.0.9__2.3.7.1.el5_9
java-1.7.0-openjdkeq1.7.0.45__2.4.3.3.el6
java-1.7.0-openjdkeq1.7.0.9__2.3.8.0.el5_9

Name	Operator	Version
java-1.7.0-openjdk	eq	1.7.0.51__2.4.4.1.el6_5
java-1.7.0-openjdk	eq	1.7.0.45__2.4.3.2.el6_4
java-1.7.0-openjdk	eq	1.7.0.9__2.3.5.3.el6_3
java-1.7.0-openjdk	eq	1.7.0.55__2.4.7.1.el6_5
java-1.7.0-openjdk	eq	1.7.0.55__2.4.7.1.el5_10
java-1.7.0-openjdk	eq	1.7.0.9__2.3.3.2.el6_3
java-1.7.0-openjdk	eq	1.7.0.45__2.4.3.4.el6_5
java-1.7.0-openjdk	eq	1.7.0.9__2.3.7.1.el5_9
java-1.7.0-openjdk	eq	1.7.0.45__2.4.3.3.el6
java-1.7.0-openjdk	eq	1.7.0.9__2.3.8.0.el5_9