Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiPeter CsepelyZDI-08-042
HistoryJul 17, 2008 - 12:00 a.m.

Sun Java Web Start Sandbox Bypass Vulnerability

2008-07-1700:00:00
Peter Csepely
www.zerodayinitiative.com
19

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.02 Low

EPSS

Percentile

88.6%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the writeManifest() method of the CacheEntry class. A directory traversal flaw in this method allows the creation of arbitrary files on the target system. After the file has been created, a call to Runtime.getRuntime.exec() can be used to execute the file.

Related

prion 1
d2 1
ubuntucve 1
cve 1
redhat 7
openvas 20
nessus 29
suse 3
securityvulns 1
vmware 2
gentoo 1
prion
prion
Directory traversal
2008-07-09 23:41:00
d2
d2
DSquare Exploit Pack: D2SEC_JAVAWS2
2008-07-09 23:41:00
ubuntucve
ubuntucve
CVE-2008-3112
2008-07-09 00:00:00
cve
cve
CVE-2008-3112
2008-07-09 23:41:00
redhat
redhat
(RHSA-2008:0955) Critical: java-1.4.2-ibm security update
2008-11-25 00:00:00
(RHSA-2008:0790) Critical: java-1.5.0-ibm security update
2008-07-31 00:00:00
(RHSA-2008:0636) Low: Red Hat Network Satellite Server Sun Java Runtime security update
2008-08-13 00:00:00
openvas
openvas
SLES10: Security update for IBM Java
2009-10-13 00:00:00
SLES10: Security update for IBM Java
2009-10-13 00:00:00
SLES9: Security update for IBM Java2 JRE and SDK
2009-10-10 00:00:00
nessus
nessus
SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12313)
2009-09-24 00:00:00
RHEL 5 : java-1.4.2-ibm (RHSA-2008:0955)
2009-08-24 00:00:00
SuSE 10 Security Update : IBM Java (ZYPP Patch Number 5846)
2009-09-24 00:00:00
suse
suse
remote code execution in java-1_5_0-ibm,IBMJava5
2008-09-17 13:28:28
remote code execution in IBMJava5-JRE,java-1_5_0-ibm
2008-09-04 13:19:33
remote code execution in Sun Java security update
2008-08-25 12:44:04
securityvulns
securityvulns
VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
2008-10-06 00:00:00
vmware
vmware
VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
2008-10-03 00:00:00
VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
2008-10-03 00:00:00
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2009-11-17 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.02 Low

EPSS

Percentile

88.6%

JSON
Related for ZDI-08-042
prion1d21ubuntucve1cve1redhat7openvas20nessus29suse3securityvulns1vmware2gentoo1