Statements (31)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:Security_vulnerability |
| gptkbp:affects | Java applications |
| gptkbp:canBeBypassedBy | Application security controls |
| gptkbp:category | Injection attack; Java vulnerability; Remote code execution vulnerability |
| gptkbp:cause | Data exfiltration; Remote code execution |
| gptkbp:detects | Code review; Penetration testing; Security scanning tools |
| gptkbp:documentedIn | gptkb:OWASP_Top_10; CWE-74 |
| gptkbp:exploits | Attackers; Misconfigured JNDI services; Unrestricted JNDI lookups |
| gptkbp:firstNoticed | Early 2000s |
| gptkbp:mitigatedBy | Input validation; Disabling remote codebases; SecurityManager restrictions |
| gptkbp:notableExample | gptkb:Log4Shell_vulnerability |
| gptkbp:relatedTo | gptkb:Java_Naming_and_Directory_Interface |
| gptkbp:requires | JNDI lookup; Untrusted user input |
| gptkbp:uses | gptkb:DNS; gptkb:RMI; gptkb:CORBA; gptkb:LDAP |
| gptkbp:bfsParent | gptkb:Log4j_2.0-beta9_to_2.14.1 |
| gptkbp:bfsLayer | 8 |
| https://www.w3.org/2000/01/rdf-schema#label | JNDI Injection |