Arbitrary Code Execution

2020-04-1001:03:47

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

java is vulnerable to arbitrary code execution. The vulnerability exists as a flaw was found in the HotSpot component in OpenJDK. Certain bytecode instructions confused the memory management within the Java Virtual Machine (JVM), resulting in an applet or application crashing.

CPENameOperatorVersion
java-1.6.0-openjdkeq1.6.0.0__1.20.b17.el5
java-1.6.0-openjdkeq1.6.0.0__1.31.b17.el6_0
java-1.6.0-openjdkeq1.6.0.0__1.36.b17.el6_0
java-1.6.0-openjdkeq1.6.0.0__0.25.b09.el5
java-1.6.0-openjdkeq1.6.0.0__1.2.b09.el5
java-1.6.0-openjdkeq1.6.0.0__1.7.b09.el5
java-1.6.0-openjdkeq1.6.0.0__1.21.b17.el6
java-1.6.0-openjdkeq1.6.0.0__1.17.b17.el5
java-1.6.0-openjdkeq1.6.0.0__0.30.b09.el5
java-1.6.0-openjdkeq1.6.0.0__1.16.b17.el5

Name	Operator	Version
java-1.6.0-openjdk	eq	1.6.0.0__1.20.b17.el5
java-1.6.0-openjdk	eq	1.6.0.0__1.31.b17.el6_0
java-1.6.0-openjdk	eq	1.6.0.0__1.36.b17.el6_0
java-1.6.0-openjdk	eq	1.6.0.0__0.25.b09.el5
java-1.6.0-openjdk	eq	1.6.0.0__1.2.b09.el5
java-1.6.0-openjdk	eq	1.6.0.0__1.7.b09.el5
java-1.6.0-openjdk	eq	1.6.0.0__1.21.b17.el6
java-1.6.0-openjdk	eq	1.6.0.0__1.17.b17.el5
java-1.6.0-openjdk	eq	1.6.0.0__0.30.b09.el5
java-1.6.0-openjdk	eq	1.6.0.0__1.16.b17.el5