Metric | Value |
---|---|
CVSS2 score | 5 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
CVSS2 vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
EPSS | 0.005 Low |
EPSS percentile | 76.0% |

Pluf has discovered a vulnerability in Sun Java JDK/SDK,
which can potentially be exploited by malicious people to
compromise a user’s system.

The jar tool does not properly check whether the files to be
extracted have the string “../” in their names, so it is
possible for an attacker to create a malicious jar file in
order to overwrite arbitrary files within the filesystem.
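
A pre-extraction check for the condition described above, as an added example that is not part of the advisory or of the JDK: it lists jar entries whose names would resolve outside the destination directory and refuses to extract such an archive. The function names and the sample archive are constructed for illustration; Python's `zipfile` is used because a jar is a ZIP archive.

```python
import io
import os
import zipfile


def escaping_entries(jar_file, dest_dir):
    """Return entry names that would land outside dest_dir if extracted verbatim."""
    root = os.path.realpath(dest_dir)
    bad = []
    with zipfile.ZipFile(jar_file) as jar:
        for name in jar.namelist():
            # Some extractors treat backslashes as separators, so normalise them.
            normalized = name.replace("\\", "/")
            # os.path.join discards root for absolute names, so those are caught too.
            target = os.path.realpath(os.path.join(root, normalized))
            if os.path.commonpath([root, target]) != root:
                bad.append(name)
    return bad


def safe_extract(jar_file, dest_dir):
    """Extract only when every entry stays inside dest_dir; otherwise refuse."""
    bad = escaping_entries(jar_file, dest_dir)
    if bad:
        raise ValueError(f"refusing to extract, entries escape {dest_dir!r}: {bad}")
    with zipfile.ZipFile(jar_file) as jar:
        jar.extractall(dest_dir)


def build_sample_jar():
    """Constructed sample (not from the advisory): one normal and one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("../../outside.txt", "constructed test content\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as dest:
        print(escaping_entries(build_sample_jar(), dest))
```

Running the check before handing an untrusted archive to an extractor keeps the decision independent of whether that extractor sanitises entry names itself.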

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | jdk | <= 1.2.2p11_3 | UNKNOWN |
FreeBSD | any | noarch | linux-ibm-jdk | <= 1.4.2_1 | UNKNOWN |
FreeBSD | any | noarch | linux-sun-jdk | <= 1.4.2.08_1 | UNKNOWN |
FreeBSD | any | noarch | linux-blackdown-jdk | <= 1.4.2_2 | UNKNOWN |
FreeBSD | any | noarch | diablo-jdk | <= 1.3.1.0_1 | UNKNOWN |
FreeBSD | any | noarch | diablo-jdk-freebsd6 | <= i386.1.5.0.07.00 | UNKNOWN |
FreeBSD | any | noarch | linux-jdk | = 0 | UNKNOWN |