SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 80

changes.mady.by.user Shannon Haas

Saved on

compared with

New Version 81

changes.mady.by.user Shannon Haas

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Wiki Markup
[CVE-2008-5353 |http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353] describes a Java vulnerability discovered in August 2008 by Sami Koivu \[[CVE 2008|AA. Bibliography#CVEReferences#CVE 08]\]. Julien Tinnes subsequently wrote an exploit that allowed arbitrary code execution on multiple platforms running vulnerable versions of Java. The problem resulted from deserializing untrusted input from within a privileged context. The vulnerability involves the {{sun.util.Calendar.ZoneInfo}} class, which, being serializable is deserialized by the {{readObject()}} method of the {{ObjectInputStream}} class.

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d259b0abe5505a38-b3a7c860-49ea4121-aef1a9a4-ab4982787ef96fb7a386b9b8"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API References#API 06]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b1e4277f5d679730-f0a15d30-472e424a-bfada667-a55b32abe745cc6ec0bd7d7c"><ac:plain-text-body><![CDATA[

[[CVE 2011

AA. Bibliography#CVE References#CVE 08]]

[CVE-2008-5353

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353]

]]></ac:plain-text-body></ac:structured-macro>

...