Information Disclosure

2020-04-1000:53:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

java is vulnerable to information disclosure. The vulnerability exists as a public static field declaration allowed untrusted JNLP (Java Network Launching Protocol) applications to read privileged data. A remote attacker could directly or indirectly read the values of restricted system properties, such as “user.name”, “user.home”, and “java.home”, which untrusted applications should not be allowed to read.

CPENameOperatorVersion
java-1.6.0-openjdkeq1.6.0.0__1.7.b09.el5
java-1.6.0-openjdkeq1.6.0.0__0.30.b09.el5
java-1.6.0-openjdkeq1.6.0.0__1.16.b17.el5
java-1.6.0-openjdkeq1.6.0.0__1.11.b16.el5
java-1.6.0-openjdkeq1.6.0.0__0.25.b09.el5
java-1.6.0-openjdkeq1.6.0.0__1.13.b16.el5
java-1.6.0-openjdkeq1.6.0.0__1.2.b09.el5
java-1.6.0-openjdkeq1.6.0.0__1.7.b09.el5
java-1.6.0-openjdkeq1.6.0.0__0.30.b09.el5
java-1.6.0-openjdkeq1.6.0.0__1.16.b17.el5

Name	Operator	Version
java-1.6.0-openjdk	eq	1.6.0.0__1.7.b09.el5
java-1.6.0-openjdk	eq	1.6.0.0__0.30.b09.el5
java-1.6.0-openjdk	eq	1.6.0.0__1.16.b17.el5
java-1.6.0-openjdk	eq	1.6.0.0__1.11.b16.el5
java-1.6.0-openjdk	eq	1.6.0.0__0.25.b09.el5
java-1.6.0-openjdk	eq	1.6.0.0__1.13.b16.el5
java-1.6.0-openjdk	eq	1.6.0.0__1.2.b09.el5
java-1.6.0-openjdk	eq	1.6.0.0__1.7.b09.el5
java-1.6.0-openjdk	eq	1.6.0.0__0.30.b09.el5
java-1.6.0-openjdk	eq	1.6.0.0__1.16.b17.el5