
Callers can trivially access and modify public static non-final fields. Neither accesses nor modifications are automatically checked by a security manager, and newly set values cannot be validated. Furthermore, multiple threads can modify non-final public static fields in inconsistent ways.

...

This noncompliant code example is adapted from JDK v1.4.2 [FT 08]. It declares a function table containing a public static field.

package org.apache.xpath.compiler;

public class FunctionTable {
  // Public, static and non-final: any caller can read or replace this
  // reference, with no security-manager check and no validation of the new value.
  public static FuncLoader m_functions;
}

...

Replacing the function table gives the attacker access to the XPathContext. The XPathContext is used to set the reference node for evaluating XPath expressions. Manipulating it can allow XML fields to be modified in inconsistent ways, resulting in unexpected behavior. Also, because static variables are global across the Java Runtime Environment (JRE), they can be used as a covert communication channel between different application domains (e.g., through code loaded by different class loaders).
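The following added example (not code from the original page or from the JDK) places the noncompliant field beside a hardened form of the same class; FuncLoader is a stand-in for the real org.apache.xpath type, and the class and method names of the compliant version are assumptions for illustration.

```java
// Added example, not JDK source. FuncLoader is a stand-in for the real
// org.apache.xpath.compiler type.
final class FuncLoader {
    private final String name;
    FuncLoader(String name) { this.name = name; }
    String name() { return name; }
}

// Noncompliant: the field is public, static and non-final, so any caller
// on any thread can replace the table with no security-manager check.
class FunctionTableNoncompliant {
    public static FuncLoader m_functions = new FuncLoader("default");
}

// Compliant (assumed hardening): the field is private and final, so the
// reference is fixed at class initialization and cannot be swapped or
// observed in an inconsistent state; reads go through an accessor that a
// security manager or caller-side policy check can guard.
final class FunctionTableCompliant {
    private static final FuncLoader m_functions = new FuncLoader("default");

    private FunctionTableCompliant() {}

    public static FuncLoader getFunctions() {
        return m_functions;
    }
}

public class Demo {
    public static void main(String[] args) {
        // The noncompliant table can be silently replaced by any code that
        // can see the class, regardless of class loader.
        FunctionTableNoncompliant.m_functions = new FuncLoader("replaced");
        System.out.println(FunctionTableNoncompliant.m_functions.name()); // replaced

        // The compliant class exposes no field to assign; the next line
        // would be a compile-time error:
        // FunctionTableCompliant.m_functions = new FuncLoader("replaced");
        System.out.println(FunctionTableCompliant.getFunctions().name()); // default
    }
}
```

If the table genuinely must change at runtime, keep the field private and expose a setter that validates the new value and performs the appropriate permission check before assigning it.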

...