In a Java Virtual Machine (JVM), a class is identified by its fully qualified class name and its class loader. Two classes with the same simple name but different package names are distinct classes, and so are two classes with the same fully qualified name that were loaded by different class loaders. "Two classes are the same class (and consequently the same type) if they are loaded by the same class loader and they have the same fully qualified name" [JVMSpec 1999].
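The following added example (not code from the original guideline) shows that identity rule at work: the same class file is defined by a second class loader, and a name comparison is contrasted with a comparison of the `Class` objects. The names `ClassIdentityDemo`, `TrustedToken` and `IsolatingLoader` are hypothetical, and the code assumes Java 9 or later and compiled classes on the class path.

```java
import java.io.IOException;
import java.io.InputStream;

public class ClassIdentityDemo {
    // Hypothetical class the application trusts (name invented for this example).
    public static class TrustedToken { }

    // Hypothetical loader that defines its own copy of any class it is asked for
    // instead of delegating to the application class loader.
    static class IsolatingLoader extends ClassLoader {
        IsolatingLoader() { super(null); } // parent is the bootstrap loader only

        @Override
        protected Class<?> findClass(String name) throws ClassNotFoundException {
            String path = "/" + name.replace('.', '/') + ".class";
            try (InputStream in = ClassIdentityDemo.class.getResourceAsStream(path)) {
                if (in == null) throw new ClassNotFoundException(name);
                byte[] b = in.readAllBytes(); // Java 9+
                return defineClass(name, b, 0, b.length);
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }

    // Name-based check: ignores which class loader defined the class.
    static boolean trustedByName(Object o) {
        return o.getClass().getName().equals(TrustedToken.class.getName());
    }

    // Identity check: Class objects are equal only if name and defining loader match.
    static boolean trustedByClass(Object o) {
        return o.getClass() == TrustedToken.class;
    }

    public static void main(String[] args) throws Exception {
        String name = TrustedToken.class.getName();
        Object foreign = new IsolatingLoader().loadClass(name)
                .getDeclaredConstructor().newInstance();
        Object genuine = new TrustedToken();

        System.out.println("genuine: byName=" + trustedByName(genuine)
                + " byClass=" + trustedByClass(genuine));
        System.out.println("foreign: byName=" + trustedByName(foreign)
                + " byClass=" + trustedByClass(foreign));
        System.out.println("foreign instanceof TrustedToken: "
                + (foreign instanceof TrustedToken));
    }
}
```

The name comparison accepts both objects, while the `Class` comparison and `instanceof` accept only the instance whose class was defined by the application's own loader.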
...
Comparing classes by their names may give an attacker-supplied class undesirable privileges.
Guideline Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
OBJ06-J | high | unlikely | low | P6 P9 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
...