- Description
- The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.4
- Impact score
- 6.4
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-59
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A6505E4-8E6A-4888-8B9C-2B2C10546CB6"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "662D4C81-DD97-4A36-8F15-CCE6ADA6456E"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:1.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2CA81243-2FC7-481B-AFD8-067E3EC9DF77"
}
],
"operator": "OR"
}
]
}
]