Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2010-0831

Опубликовано: 06 июн. 2010
Источник: redhat
CVSS2: 2.6
EPSS Низкий

Описание

Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.

Отчет

The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 4gccWill not fix
Red Hat Enterprise Linux 4gcc4Will not fix
Red Hat Enterprise Linux 5gcc44Not affected
Red Hat Enterprise Linux 6gccNot affected
Red Hat Enterprise Linux 5gccFixedRHSA-2011:002513.01.2011

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=594497fastjar: directory traversal vulnerabilities

EPSS

Процентиль: 71%
0.00689
Низкий

2.6 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2010-0831

ubuntu
около 15 лет назад

Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.

nvd логотип

CVE-2010-0831

nvd
около 15 лет назад

Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.

debian логотип

CVE-2010-0831

debian
около 15 лет назад

Directory traversal vulnerability in the extract_jar function in jarto ...

github логотип

GHSA-fcqq-mm95-6mqp

github
около 3 лет назад

Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.

oracle-oval логотип

ELSA-2011-0025

oracle-oval
больше 14 лет назад

ELSA-2011-0025: gcc security and bug fix update (LOW)

EPSS

Процентиль: 71%
0.00689
Низкий

2.6 Low

CVSS2