Information Disclosure

2020-04-1000:44:25

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

java is vulnerable to information disclosure. The vulnerability exists as an information leak was found in the way the TimeZone.getTimeZone method was handled. This method could load time zone files that are outside of the [JRE_HOME]/lib/zi/ directory, allowing a remote attacker to probe the local file system.

CPENameOperatorVersion
java-1.6.0-openjdkeq1.6.0.0__1.2.b09.el5
java-1.6.0-openjdkeq1.6.0.0__0.30.b09.el5
java-1.6.0-openjdkeq1.6.0.0__0.25.b09.el5
java-1.6.0-openjdkeq1.6.0.0__1.2.b09.el5
java-1.6.0-openjdkeq1.6.0.0__0.30.b09.el5
java-1.6.0-openjdkeq1.6.0.0__0.25.b09.el5

Name	Operator	Version
java-1.6.0-openjdk	eq	1.6.0.0__1.2.b09.el5
java-1.6.0-openjdk	eq	1.6.0.0__0.30.b09.el5
java-1.6.0-openjdk	eq	1.6.0.0__0.25.b09.el5
java-1.6.0-openjdk	eq	1.6.0.0__1.2.b09.el5
java-1.6.0-openjdk	eq	1.6.0.0__0.30.b09.el5
java-1.6.0-openjdk	eq	1.6.0.0__0.25.b09.el5