Lucene search

[email protected]CVE-2008-3112

HistoryJul 09, 2008 - 11:41 p.m.

CVE-2008-3112

2008-07-0923:41:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-3112

directory traversal

sun java web start

jdk

jre

remote attack

cr 6703909

6.3 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.02 Low

EPSS

Percentile

88.7%

JSON

Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.

CPENameOperatorVersion
sun:jdksun jdkeq5.0
sun:jresun jreeq1.4.2_16
sun:sdksun sdkeq1.4.2
sun:jresun jreeq5.0
sun:jresun jreeq1.4.2_01
sun:sdksun sdkeq1.4.2_10
sun:sdksun sdkeq1.4.2_12
sun:jresun jreeq6
sun:sdksun sdkeq1.4.2_17
sun:jresun jreeq1.4.2_03

CPE	Name	Operator	Version
sun:jdk	sun jdk	eq	5.0
sun:jre	sun jre	eq	1.4.2_16
sun:sdk	sun sdk	eq	1.4.2
sun:jre	sun jre	eq	5.0
sun:jre	sun jre	eq	1.4.2_01
sun:sdk	sun sdk	eq	1.4.2_10
sun:sdk	sun sdk	eq	1.4.2_12
sun:jre	sun jre	eq	6
sun:sdk	sun sdk	eq	1.4.2_17
sun:jre	sun jre	eq	1.4.2_03

Rows per page:

1-10 of 401

References

lists.apple.com/archives/security-announce//2008/Sep/msg00008.html

lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html

lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html

lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html

lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html

lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

marc.info/?l=bugtraq&m=122331139823057&w=2

rhn.redhat.com/errata/RHSA-2008-0955.html

secunia.com/advisories/31010

secunia.com/advisories/31055

secunia.com/advisories/31320

secunia.com/advisories/31497

secunia.com/advisories/31600

secunia.com/advisories/31736

secunia.com/advisories/32018

secunia.com/advisories/32179

secunia.com/advisories/32180

secunia.com/advisories/32436

secunia.com/advisories/32826

secunia.com/advisories/33194

secunia.com/advisories/35065

secunia.com/advisories/37386

security.gentoo.org/glsa/glsa-200911-02.xml

sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1

support.apple.com/kb/HT3178

support.apple.com/kb/HT3179

support.avaya.com/elmodocs2/security/ASA-2008-428.htm

www.redhat.com/support/errata/RHSA-2008-0594.html

www.redhat.com/support/errata/RHSA-2008-0595.html

www.redhat.com/support/errata/RHSA-2008-0790.html

www.redhat.com/support/errata/RHSA-2008-0906.html

www.securityfocus.com/archive/1/497041/100/0/threaded

www.securityfocus.com/bid/30148

www.securitytracker.com/id?1020452

www.us-cert.gov/cas/techalerts/TA08-193A.html

www.vmware.com/security/advisories/VMSA-2008-0016.html

www.vupen.com/english/advisories/2008/2056/references

www.vupen.com/english/advisories/2008/2740

www.zerodayinitiative.com/advisories/ZDI-08-042/

exchange.xforce.ibmcloud.com/vulnerabilities/43666

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11102

6.3 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.02 Low

EPSS

Percentile

88.7%

JSON

Related for CVE-2008-3112

zdi1 d21 ubuntucve1 prion1 openvas20 nessus29 redhat7 suse3 securityvulns1 vmware2 gentoo1