Lucene search

K
freebsdFreeBSD18E5428F-AE7C-11D9-837D-000E0C2E438A
HistoryApr 11, 2005 - 12:00 a.m.

jdk -- jar directory traversal vulnerability

2005-04-1100:00:00
vuxml.freebsd.org
12

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.2%

Pluf has discovered a vulnerability in Sun Java JDK/SDK,
which potentially can be exploited by malicious people to
compromise a user’s system.

The jar tool does not check properly if the files to be
extracted have the string “…/” on its names, so it’s
possible for an attacker to create a malicious jar file in
order to overwrite arbitrary files within the filesystem.

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.2%