Описание
Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.
Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2005-1080
- https://bugzilla.redhat.com/show_bug.cgi?id=594497
- https://bugzilla.redhat.com/show_bug.cgi?id=601823
- http://advisories.mageia.org/MGASA-2015-0158.html
- http://marc.info/?l=bugtraq&m=111331593310508&w=2
- http://marc.info/?l=oss-security&m=127602564508766&w=2
- http://marc.info/?l=oss-security&m=127603032617644&w=2
- http://rhn.redhat.com/errata/RHSA-2015-0806.html
- http://rhn.redhat.com/errata/RHSA-2015-0807.html
- http://rhn.redhat.com/errata/RHSA-2015-0808.html
- http://rhn.redhat.com/errata/RHSA-2015-0809.html
- http://rhn.redhat.com/errata/RHSA-2015-0854.html
- http://rhn.redhat.com/errata/RHSA-2015-0857.html
- http://rhn.redhat.com/errata/RHSA-2015-0858.html
- http://rhn.redhat.com/errata/RHSA-2015-1006.html
- http://rhn.redhat.com/errata/RHSA-2015-1007.html
- http://rhn.redhat.com/errata/RHSA-2015-1020.html
- http://rhn.redhat.com/errata/RHSA-2015-1021.html
- http://rhn.redhat.com/errata/RHSA-2015-1091.html
- http://secunia.com/advisories/14902
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:212
- http://www.securiteam.com/securitynews/5IP0C0AFGW.html
- http://www.securityfocus.com/bid/13083
EPSS
CVE ID
Связанные уязвимости
Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.
Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.
Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.
ELSA-2015-0808: java-1.6.0-openjdk security update (IMPORTANT)
ELSA-2015-0807: java-1.7.0-openjdk security update (IMPORTANT)
EPSS