Summary
This host is installed with Oracle Java SE and is prone to a privilege escalation vulnerability.
Impact
Successful exploitation will allow a local attacker to use a symlink attack against the '/tmp/unpack.log' file to overwrite arbitrary files.
Impact Level: System/Application
Solution
Upgrade to version 8 update 5 or 7 update 55, or higher. For updates, refer to www.oracle.com/index.html
Insight
The flaw is due to an error in the 'unpacker::redirect_stdio' function within 'unpack.cpp'.
Affected
Oracle Java SE 7 update 51 and prior on Windows
Detection
Get the installed version of Oracle Java SE with the help of the detect NVT and check whether it is vulnerable.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-1876
- CVSS Base Score: 4.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P