SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 73

changes.mady.by.user Pamela Curtis

Saved on

compared with

New Version 74

changes.mady.by.user Pamela Curtis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Wiki Markup
[CVE-2008-5353 |http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353] describes a Java vulnerability discovered in August 2008 by Sami Koivu \[[CVE|AA. Bibliography#CVE 08]\]. Julien Tinnes subsequently wrote an exploit that allowed arbitrary code execution on multiple platforms that ran vulnerable versions of Java. The problem resulted from deserializing untrusted input from within a privileged context. The vulnerability involves the ({{sun.util.Calendar.Zoneinfo}}) object, which being a serializable class is deserialized by the {{readObject()}} method of the {{ObjectInputStream}} class.

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ea5baeb0d96b1a61-9f9ad0d8-4a37424d-b3989685-bd57e740991100fee228e5c3"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="930c1e10431cfdb7-7dbb4400-46404ef1-b111859f-040a214e94ab204762d0608f"><ac:plain-text-body><![CDATA[

[[CVE

AA. Bibliography#CVE 08]]

[CVE-2008-5353

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353]

]]></ac:plain-text-body></ac:structured-macro>

...