Java input classes such as Scanner and BufferedInputStream facilitate fast, non-blocking I/O by buffering an underlying input stream. Programs can create multiple wrappers on an InputStream. Programs that use multiple wrappers around a single stream, however, can behave unpredictably depending on whether the wrappers allow look-ahead. An attacker can exploit this difference in behavior by, for example, redirecting System.in (from a file) or by using the System.setIn() method to redirect System.in. In general, any input stream that supports non-blocking buffered I/O is susceptible to this form of misuse.
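The following added example (not code from the original page) shows the look-ahead effect described above and the usual remedy of sharing a single wrapper. The class name, helper methods and the two-line sample input are assumptions made for illustration; a ByteArrayInputStream stands in for a redirected System.in.

```java
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class SharedWrapperDemo {
    // Constructed sample input standing in for a redirected System.in.
    private static final byte[] INPUT =
        "alice\nsecret\n".getBytes(StandardCharsets.US_ASCII);

    // Reads bytes up to (not including) '\n' or end of stream.
    static String readLine(InputStream in) throws IOException {
        StringBuilder sb = new StringBuilder();
        int c;
        while ((c = in.read()) != -1 && c != '\n') {
            sb.append((char) c);
        }
        return sb.toString();
    }

    // Problem: each read wraps the same underlying stream in a new buffer.
    static String[] separateWrappers(InputStream raw) throws IOException {
        String first = readLine(new BufferedInputStream(raw));
        // The first wrapper's look-ahead has already pulled the remaining
        // bytes of raw into its private buffer, so this wrapper finds none.
        String second = readLine(new BufferedInputStream(raw));
        return new String[] { first, second };
    }

    // Fix: create one wrapper and hand that same object to every reader.
    static String[] sharedWrapper(InputStream raw) throws IOException {
        BufferedInputStream in = new BufferedInputStream(raw);
        return new String[] { readLine(in), readLine(in) };
    }

    public static void main(String[] args) throws IOException {
        String[] bad = separateWrappers(new ByteArrayInputStream(INPUT));
        String[] good = sharedWrapper(new ByteArrayInputStream(INPUT));
        System.out.println("separate wrappers: [" + bad[0] + "] [" + bad[1] + "]");
        System.out.println("shared wrapper:    [" + good[0] + "] [" + good[1] + "]");
    }
}
```

With separate wrappers the second read comes back empty because the first wrapper buffered the whole input; with the shared wrapper both lines are returned.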
...
...