Java input classes such as Scanner and BufferedInputStream facilitate fast, non-blocking I/O by buffering an underlying input stream. Programs can create multiple wrappers on an InputStream. Programs that use multiple wrappers around a single stream, however, can behave unpredictably depending on whether the wrappers allow look-ahead. An attackercan attacker can exploit this difference in behavior by, for example, redirecting System.in (from a file) or by using the System.setIn() method to redirect System.in. In general, any input stream that supports non-blocking buffered I/O is susceptible to this form of misuse.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0df59368ece98a99-24dc8dda-4fe34ca6-93c391d5-33c326b8e6c4c81679494180"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | [method read | http://java.sun.com/javase/6/docs/api/java/io/InputStream.html#read()] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="9a25f1f6b57945d6-9fe8cd11-414d456e-85e3a0ce-490b1d9c7a9f419e2b219be6"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | [class BufferedInputStream | http://java.sun.com/javase/6/docs/api/java/io/BufferedInputStream.html] | ]]></ac:plain-text-body></ac:structured-macro> |
...