[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247974

 
 

909

 
 

194654

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2005-1080Date: (C)2005-05-02   (M)2023-12-22


Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
BID-13083
SECUNIA-14902
http://marc.info/?l=bugtraq&m=111331593310508&w=2
MDVSA-2015:212
RHSA-2015:0806
RHSA-2015:0807
RHSA-2015:0808
RHSA-2015:0809
RHSA-2015:0854
RHSA-2015:0857
RHSA-2015:0858
RHSA-2015:1006
RHSA-2015:1007
RHSA-2015:1020
RHSA-2015:1021
RHSA-2015:1091
http://marc.info/?l=oss-security&m=127603032617644&w=2
[oss-security]
http://marc.info/?l=oss-security&m=127602564508766&w=2
http://advisories.mageia.org/MGASA-2015-0158.html
http://www.securiteam.com/securitynews/5IP0C0AFGW.html
https://bugzilla.redhat.com/show_bug.cgi?id=594497
https://bugzilla.redhat.com/show_bug.cgi?id=601823

CPE    2
cpe:/a:sun:sdk:1.5
cpe:/a:sun:sdk:1.4.2
OVAL    27
oval:org.secpod.oval:def:505341
oval:org.secpod.oval:def:505568
oval:org.secpod.oval:def:1200064
oval:org.secpod.oval:def:505608
...

© SecPod Technologies