Oracle Java Arbitrary File Deletion

Strike ID:
E19-0sld1
CVSS:
3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
False Positive:
f
Variants:
1
Year:
2019

Description

This strike exploits an arbitrary file deletion vulnerability in Oracle SE 8. The vulnerability is due to improper filtering of jlnp URL variable. An attacker can entice the victim to click the malicious link. Successful exploitation may lead to file deletion on client side.

CVE

Bid