---

CVE-2017-10067 - log back

CVE-2017-10067 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Remote
Type	+ Authentication bypass
Description	+ It was discovered that the JAR (Java ARchive) verifier in the Security component of OpenJDK did not correctly handle files inside archives with missing digest. An attacker could possibly use this flaw to manipulate content of a singed JAR, bypassing intended verification.
References	+ http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/c729ab3b13ae
Notes