Summary
This host has Oracle Java SE installed and is prone to a privilege escalation vulnerability.
Impact
Successful exploitation will allow a local attacker to use a symlink attack against the '/tmp/unpack.log' file to overwrite arbitrary files.
Impact Level: System/Application
Solution
Upgrade to version 8 update 5 or 7 update 55, or higher. For updates, refer to www.oracle.com/index.html
Insight
The flaw is due to an error in the 'unpacker::redirect_stdio' function within 'unpack.cpp'.
Affected
Oracle Java SE 7 update 51 and prior on Windows
Detection
Get the installed version of Oracle Java SE with the help of the detect NVT and check whether it is vulnerable.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-1876
CVSS Base Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P