EIP-2026-103672

PRE-CVE

Sun JDK/SDK 1.3/1.4 / IBM JDK 1.3.1 / BEA Systems WebLogic 5/6/7 - java.util.zip Null Value Denial of Service (3)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103672. PoCs published by Marc Schoenefeld.

AI-analyzed exploit summary This exploit targets a denial of service vulnerability in several Java Virtual Machine implementations by calling methods in the java.util.zip class with NULL values, causing the JVM to crash. The provided code demonstrates the issue by invoking CRC32.update with invalid parameters.

Description

Sun JDK/SDK 1.3/1.4 / IBM JDK 1.3.1 / BEA Systems WebLogic 5/6/7 - java.util.zip Null Value Denial of Service (3)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Marc Schoenefeld · javadosmultiple

https://www.exploit-db.com/exploits/22360

View Code ZIP pw:eip

This exploit targets a denial of service vulnerability in several Java Virtual Machine implementations by calling methods in the java.util.zip class with NULL values, causing the JVM to crash. The provided code demonstrates the issue by invoking CRC32.update with invalid parameters.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Java Virtual Machine (multiple implementations)

No auth needed

Prerequisites: Access to a vulnerable JVM implementation

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026