CVE-2008-3112

Severity

99%

Complexity

99%

Confidentiality

165%

Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.

Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 16 years ago

2008-07-09 23:41:00

Last updated 6 years ago

2018-10-30 16:26:00

Affected Software

Sun JRE 1.4.2

1.4.2

Sun JRE 1.4.2_8

1.4.2_8

Sun JRE 1.4.2_9

1.4.2_9

Sun JRE 1.4.2_10

1.4.2_10

Sun JRE 1.4.2_11

1.4.2_11

Sun JRE 1.4.2_12

1.4.2_12

Sun JRE 1.4.2_13

1.4.2_13

Sun JRE 1.4.2_14

1.4.2_14

Sun JRE 1.4.2_15

1.4.2_15

Sun JRE 1.4.2_16

1.4.2_16

Sun JRE

SDK 1.4.2

1.4.2

SDK 1.4.2_02

1.4.2_02

SDK 1.4.2_03

1.4.2_03

SDK 1.4.2_04

1.4.2_04

Sun SDK 1.4.2_08

1.4.2_08

Sun SDK 1.4.2_09

1.4.2_09

Sun SDK 1.4.2_10

1.4.2_10

Sun SDK 1.4.2_11

1.4.2_11

Sun SDK 1.4.2_12

1.4.2_12

Sun SDK 1.4.2_13

1.4.2_13

Sun SDK 1.4.2_14

1.4.2_14

Sun SDK 1.4.2_15

1.4.2_15

Sun SDK 1.4.2_16

1.4.2_16

Sun SDK1.4.2_17

1.4.2_17

References

APPLE-SA-2008-09-24

SUSE-SA:2008:042

SUSE-SA:2008:043

SUSE-SA:2008:045

SUSE-SR:2008:028

SUSE-SR:2009:010

20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and

RHSA-2008:0955

31010

Vendor Advisory

31055

31320

31497

31600

31736

32018

32179

32180

32436

32826

33194

35065

37386

GLSA-200911-02

238905

Patch

http://support.apple.com/kb/HT3178

http://support.apple.com/kb/HT3179

http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm

RHSA-2008:0594

RHSA-2008:0595

RHSA-2008:0790

RHSA-2008:0906

20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues

30148

1020452

TA08-193A

US Government Resource

http://www.vmware.com/security/advisories/VMSA-2008-0016.html

ADV-2008-2056

ADV-2008-2740

http://www.zerodayinitiative.com/advisories/ZDI-08-042/

sun-javawebstart-file-create(43666)

oval:org.mitre.oval:def:11102

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.