Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-0831
HistoryMay 25, 2010 - 12:00 a.m.

CVE-2010-0831

2010-05-2500:00:00
ubuntu.com
ubuntu.com
14

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

EPSS

0.01

Percentile

83.4%

Directory traversal vulnerability in the extract_jar function in jartool.c
in FastJar 0.98 allows remote attackers to create or overwrite arbitrary
files via a … (dot dot) in a non-initial pathname component in a filename
within a .jar archive, a related issue to CVE-2005-1080. NOTE: this
vulnerability exists because of an incomplete fix for CVE-2006-3619.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchfastjar< 2:0.95-1ubuntu2.1UNKNOWN
ubuntu9.04noarchfastjar< 2:0.97-3ubuntu0.1UNKNOWN
ubuntu9.10noarchfastjar< 2:0.98-1ubuntu0.9.10.1UNKNOWN
ubuntu10.04noarchfastjar< 2:0.98-1ubuntu0.10.04.1UNKNOWN

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

EPSS

0.01

Percentile

83.4%