Vulnerability Database

289,689

Total vulnerabilities in the database

CVE-2014-1876

The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.

  • Published: Feb 11, 2014
  • Updated: Apr 13, 2023
  • CVE: CVE-2014-1876
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.4
  • AV:L/AC:M/Au:N/C:P/I:P/A:P

CWEs:

Software From Fixed in
oracle / openjdk 1.8.0 1.8.0.x
oracle / openjdk 1.7.0 1.7.0.x
oracle / openjdk 1.6.0 1.6.0.x