CVE-2007-3504

Sažetak

Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file.

Reference

http://docs.info.apple.com/article.html?artnum=307177
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://osvdb.org/37755
http://secunia.com/advisories/25823
http://secunia.com/advisories/28115
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102957-1
http://www.securityfocus.com/archive/1/472673/100/0/threaded
http://www.securityfocus.com/bid/24695
http://www.securitytracker.com/id?1018328
http://www.vupen.com/english/advisories/2007/2384
http://www.vupen.com/english/advisories/2007/4224
https://exchange.xforce.ibmcloud.com/vulnerabilities/35169

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

15-10-2018 - 21:29

Objavljeno

30-06-2007 - 01:30