9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.175 Low
EPSS
Percentile
96.2%
Directory traversal vulnerability in the PersistenceService in Sun Java Web
Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK
and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to
perform unauthorized actions via an application that grants file overwrite
privileges to itself. NOTE: this can be leveraged to execute arbitrary
code by overwriting a .java.policy file.