PT-2005-2099 · Oracle+2 · J2Se Sdk+4

Published

2005-04-12

Updated

2017-01-03

CVE-2005-1080

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions J2SE SDK versions 1.4.2 through 1.5 OpenJDK (affected versions not specified)

Description A directory traversal issue exists in the Java Archive Tool (Jar) utility, allowing remote attackers to create or overwrite arbitrary files by including a .. (dot dot) in filenames within a .jar file.

Recommendations For J2SE SDK versions 1.4.2 through 1.5, consider restricting the use of the Jar utility until a fix is available. For OpenJDK, at the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CESA-2015_0806

CESA-2015_0808

CESA-2015_0809

CVE-2005-1080

MGASA-2015-0158

RHSA-2015:0806

RHSA-2015:0807

RHSA-2015:0808

RHSA-2015:0809

RHSA-2015:0854

RHSA-2015:0857

RHSA-2015:0858

RHSA-2015:1006

RHSA-2015:1007

RHSA-2015:1020

RHSA-2015:1021

RHSA-2015:1091

RHSA-2015_0806

RHSA-2015_0807

RHSA-2015_0808

RHSA-2015_0809

RHSA-2015_0854

RHSA-2015_0857

RHSA-2015_0858

RHSA-2015_1006

RHSA-2015_1020

RHSA-2015_1021

Affected Products

Centos

J2Se Sdk

Java Archive Tool

Openjdk

Red Hat

PT-2005-2099 · Oracle+2 · J2Se Sdk+4

CVE-2005-1080

Related Identifiers

Affected Products

References · 112