Lucene search

K

CanonicalCVELIST:CVE-2010-0831

HistoryJun 18, 2010 - 6:00 p.m.

CVE-2010-0831

2010-06-1818:00:00

canonical

www.cve.org

1

6.9 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.4%

Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a … (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.

References

marc.info/?l=oss-security&m=127602564508766&w=2

marc.info/?l=oss-security&m=127602731712034&w=2

marc.info/?l=oss-security&m=127603032617644&w=2

packages.debian.org/changelogs/pool/main/f/fastjar/fastjar_0.98-3/changelog

secunia.com/advisories/42892

secunia.com/advisories/50786

security.gentoo.org/glsa/glsa-201209-21.xml

www.mandriva.com/security/advisories?name=MDVSA-2010:122

www.osvdb.org/65467

www.redhat.com/support/errata/RHSA-2011-0025.html

www.securityfocus.com/bid/41006

www.vupen.com/english/advisories/2010/1553

www.vupen.com/english/advisories/2011/0121

bugzilla.redhat.com/show_bug.cgi?id=594497

bugzilla.redhat.com/show_bug.cgi?id=601823

launchpad.net/bugs/540575

6.9 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.4%

Related for CVELIST:CVE-2010-0831

openvas46 securityvulns3 cve5 prion2 nvd5 ubuntucve5 nessus54 debiancve2 cvelist3 veracode13 oraclelinux7 redhat15 debian1 f51 centos6 freebsd1 ubuntu1 gentoo2 fedora3 archlinux6 mageia1 amazon3 vmware1