EIP-2026-103670

PRE-CVE

Sun JDK/SDK 1.3/1.4 / IBM JDK 1.3.1 / BEA Systems WebLogic 5/6/7 - java.util.zip Null Value Denial of Service (1)

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103670. PoCs published by Marc Schoenefeld.

AI-analyzed exploit summary This exploit demonstrates a denial of service vulnerability in Macromedia ColdFusion MX by calling Java methods with NULL values, causing the JVM to crash. The PoC uses ColdFusion markup to create Java objects and trigger the vulnerability.

Description

Sun JDK/SDK 1.3/1.4 / IBM JDK 1.3.1 / BEA Systems WebLogic 5/6/7 - java.util.zip Null Value Denial of Service (1)

Exploits (1)

exploitdb WORKING POC VERIFIED
by Marc Schoenefeld · dosmultiple
https://www.exploit-db.com/exploits/22358

This exploit demonstrates a denial of service vulnerability in Macromedia ColdFusion MX by calling Java methods with NULL values, causing the JVM to crash. The PoC uses ColdFusion markup to create Java objects and trigger the vulnerability.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Macromedia ColdFusion MX
No auth needed
Prerequisites: Access to a ColdFusion MX server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026