CVE-2005-1080

Sažetak

Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.

Reference

http://advisories.mageia.org/MGASA-2015-0158.html
http://marc.info/?l=bugtraq&m=111331593310508&w=2
http://marc.info/?l=oss-security&m=127602564508766&w=2
http://marc.info/?l=oss-security&m=127603032617644&w=2
http://rhn.redhat.com/errata/RHSA-2015-0806.html
http://rhn.redhat.com/errata/RHSA-2015-0807.html
http://rhn.redhat.com/errata/RHSA-2015-0808.html
http://rhn.redhat.com/errata/RHSA-2015-0809.html
http://rhn.redhat.com/errata/RHSA-2015-0854.html
http://rhn.redhat.com/errata/RHSA-2015-0857.html
http://rhn.redhat.com/errata/RHSA-2015-0858.html
http://rhn.redhat.com/errata/RHSA-2015-1006.html
http://rhn.redhat.com/errata/RHSA-2015-1007.html
http://rhn.redhat.com/errata/RHSA-2015-1020.html
http://rhn.redhat.com/errata/RHSA-2015-1021.html
http://rhn.redhat.com/errata/RHSA-2015-1091.html
http://secunia.com/advisories/14902
http://www.mandriva.com/security/advisories?name=MDVSA-2015:212
http://www.securiteam.com/securitynews/5IP0C0AFGW.html
http://www.securityfocus.com/bid/13083
https://bugzilla.redhat.com/show_bug.cgi?id=594497
https://bugzilla.redhat.com/show_bug.cgi?id=601823

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

03-01-2017 - 02:59

Objavljeno

02-05-2005 - 04:00