CVE-2005-1080 - Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5,

CVE-2005-1080

Summary

Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.

References

Vulnerable Configurations

cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.5:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.5:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 03-01-2017 - 02:59)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

redhat via4

advisories

rhsa
id RHSA-2015:0806
rhsa
id RHSA-2015:0807
rhsa
id RHSA-2015:0808
rhsa
id RHSA-2015:0809
rhsa
id RHSA-2015:0854
rhsa
id RHSA-2015:0857
rhsa
id RHSA-2015:0858
rhsa
id RHSA-2015:1006
rhsa
id RHSA-2015:1007
rhsa
id RHSA-2015:1020
rhsa
id RHSA-2015:1021
rhsa
id RHSA-2015:1091

rpms

java-1.7.0-openjdk-1:1.7.0.79-2.5.5.1.ael7b_1
java-1.7.0-openjdk-1:1.7.0.79-2.5.5.1.el6_6
java-1.7.0-openjdk-1:1.7.0.79-2.5.5.1.el7_1
java-1.7.0-openjdk-accessibility-1:1.7.0.79-2.5.5.1.ael7b_1
java-1.7.0-openjdk-accessibility-1:1.7.0.79-2.5.5.1.el7_1
java-1.7.0-openjdk-debuginfo-1:1.7.0.79-2.5.5.1.ael7b_1
java-1.7.0-openjdk-debuginfo-1:1.7.0.79-2.5.5.1.el6_6
java-1.7.0-openjdk-debuginfo-1:1.7.0.79-2.5.5.1.el7_1
java-1.7.0-openjdk-demo-1:1.7.0.79-2.5.5.1.ael7b_1
java-1.7.0-openjdk-demo-1:1.7.0.79-2.5.5.1.el6_6
java-1.7.0-openjdk-demo-1:1.7.0.79-2.5.5.1.el7_1
java-1.7.0-openjdk-devel-1:1.7.0.79-2.5.5.1.ael7b_1
java-1.7.0-openjdk-devel-1:1.7.0.79-2.5.5.1.el6_6
java-1.7.0-openjdk-devel-1:1.7.0.79-2.5.5.1.el7_1
java-1.7.0-openjdk-headless-1:1.7.0.79-2.5.5.1.ael7b_1
java-1.7.0-openjdk-headless-1:1.7.0.79-2.5.5.1.el7_1
java-1.7.0-openjdk-javadoc-1:1.7.0.79-2.5.5.1.ael7b_1
java-1.7.0-openjdk-javadoc-1:1.7.0.79-2.5.5.1.el6_6
java-1.7.0-openjdk-javadoc-1:1.7.0.79-2.5.5.1.el7_1
java-1.7.0-openjdk-src-1:1.7.0.79-2.5.5.1.ael7b_1
java-1.7.0-openjdk-src-1:1.7.0.79-2.5.5.1.el6_6
java-1.7.0-openjdk-src-1:1.7.0.79-2.5.5.1.el7_1
java-1.7.0-openjdk-1:1.7.0.79-2.5.5.2.el5_11
java-1.7.0-openjdk-debuginfo-1:1.7.0.79-2.5.5.2.el5_11
java-1.7.0-openjdk-demo-1:1.7.0.79-2.5.5.2.el5_11
java-1.7.0-openjdk-devel-1:1.7.0.79-2.5.5.2.el5_11
java-1.7.0-openjdk-javadoc-1:1.7.0.79-2.5.5.2.el5_11
java-1.7.0-openjdk-src-1:1.7.0.79-2.5.5.2.el5_11
java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el5_11
java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el6_6
java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el7_1
java-1.6.0-openjdk-debuginfo-1:1.6.0.35-1.13.7.1.el5_11
java-1.6.0-openjdk-debuginfo-1:1.6.0.35-1.13.7.1.el6_6
java-1.6.0-openjdk-debuginfo-1:1.6.0.35-1.13.7.1.el7_1
java-1.6.0-openjdk-demo-1:1.6.0.35-1.13.7.1.el5_11
java-1.6.0-openjdk-demo-1:1.6.0.35-1.13.7.1.el6_6
java-1.6.0-openjdk-demo-1:1.6.0.35-1.13.7.1.el7_1
java-1.6.0-openjdk-devel-1:1.6.0.35-1.13.7.1.el5_11
java-1.6.0-openjdk-devel-1:1.6.0.35-1.13.7.1.el6_6
java-1.6.0-openjdk-devel-1:1.6.0.35-1.13.7.1.el7_1
java-1.6.0-openjdk-javadoc-1:1.6.0.35-1.13.7.1.el5_11
java-1.6.0-openjdk-javadoc-1:1.6.0.35-1.13.7.1.el6_6
java-1.6.0-openjdk-javadoc-1:1.6.0.35-1.13.7.1.el7_1
java-1.6.0-openjdk-src-1:1.6.0.35-1.13.7.1.el5_11
java-1.6.0-openjdk-src-1:1.6.0.35-1.13.7.1.el6_6
java-1.6.0-openjdk-src-1:1.6.0.35-1.13.7.1.el7_1
java-1.8.0-openjdk-1:1.8.0.45-28.b13.el6_6
java-1.8.0-openjdk-1:1.8.0.45-30.b13.ael7b_1
java-1.8.0-openjdk-1:1.8.0.45-30.b13.el7_1
java-1.8.0-openjdk-accessibility-1:1.8.0.45-30.b13.ael7b_1
java-1.8.0-openjdk-accessibility-1:1.8.0.45-30.b13.el7_1
java-1.8.0-openjdk-debuginfo-1:1.8.0.45-28.b13.el6_6
java-1.8.0-openjdk-debuginfo-1:1.8.0.45-30.b13.ael7b_1
java-1.8.0-openjdk-debuginfo-1:1.8.0.45-30.b13.el7_1
java-1.8.0-openjdk-demo-1:1.8.0.45-28.b13.el6_6
java-1.8.0-openjdk-demo-1:1.8.0.45-30.b13.ael7b_1
java-1.8.0-openjdk-demo-1:1.8.0.45-30.b13.el7_1
java-1.8.0-openjdk-devel-1:1.8.0.45-28.b13.el6_6
java-1.8.0-openjdk-devel-1:1.8.0.45-30.b13.ael7b_1
java-1.8.0-openjdk-devel-1:1.8.0.45-30.b13.el7_1
java-1.8.0-openjdk-headless-1:1.8.0.45-28.b13.el6_6
java-1.8.0-openjdk-headless-1:1.8.0.45-30.b13.ael7b_1
java-1.8.0-openjdk-headless-1:1.8.0.45-30.b13.el7_1
java-1.8.0-openjdk-javadoc-1:1.8.0.45-28.b13.el6_6
java-1.8.0-openjdk-javadoc-1:1.8.0.45-30.b13.ael7b_1
java-1.8.0-openjdk-javadoc-1:1.8.0.45-30.b13.el7_1
java-1.8.0-openjdk-src-1:1.8.0.45-28.b13.el6_6
java-1.8.0-openjdk-src-1:1.8.0.45-30.b13.ael7b_1
java-1.8.0-openjdk-src-1:1.8.0.45-30.b13.el7_1
java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el6_6
java-1.8.0-oracle-1:1.8.0.45-1jpp.2.el7_1
java-1.8.0-oracle-devel-1:1.8.0.45-1jpp.2.el6_6
java-1.8.0-oracle-devel-1:1.8.0.45-1jpp.2.el7_1
java-1.8.0-oracle-javafx-1:1.8.0.45-1jpp.2.el6_6
java-1.8.0-oracle-javafx-1:1.8.0.45-1jpp.2.el7_1
java-1.8.0-oracle-jdbc-1:1.8.0.45-1jpp.2.el6_6
java-1.8.0-oracle-jdbc-1:1.8.0.45-1jpp.2.el7_1
java-1.8.0-oracle-plugin-1:1.8.0.45-1jpp.2.el6_6
java-1.8.0-oracle-plugin-1:1.8.0.45-1jpp.2.el7_1
java-1.8.0-oracle-src-1:1.8.0.45-1jpp.2.el6_6
java-1.8.0-oracle-src-1:1.8.0.45-1jpp.2.el7_1
java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el5_11
java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el6_6
java-1.7.0-oracle-1:1.7.0.79-1jpp.1.el7_1
java-1.7.0-oracle-devel-1:1.7.0.79-1jpp.1.el5_11
java-1.7.0-oracle-devel-1:1.7.0.79-1jpp.1.el6_6
java-1.7.0-oracle-devel-1:1.7.0.79-1jpp.1.el7_1
java-1.7.0-oracle-javafx-1:1.7.0.79-1jpp.1.el5_11
java-1.7.0-oracle-javafx-1:1.7.0.79-1jpp.1.el6_6
java-1.7.0-oracle-javafx-1:1.7.0.79-1jpp.1.el7_1
java-1.7.0-oracle-jdbc-1:1.7.0.79-1jpp.1.el5_11
java-1.7.0-oracle-jdbc-1:1.7.0.79-1jpp.1.el6_6
java-1.7.0-oracle-jdbc-1:1.7.0.79-1jpp.1.el7_1
java-1.7.0-oracle-plugin-1:1.7.0.79-1jpp.1.el5_11
java-1.7.0-oracle-plugin-1:1.7.0.79-1jpp.1.el6_6
java-1.7.0-oracle-plugin-1:1.7.0.79-1jpp.1.el7_1
java-1.7.0-oracle-src-1:1.7.0.79-1jpp.1.el5_11
java-1.7.0-oracle-src-1:1.7.0.79-1jpp.1.el6_6
java-1.7.0-oracle-src-1:1.7.0.79-1jpp.1.el7_1
java-1.6.0-sun-1:1.6.0.95-1jpp.3.el5_11
java-1.6.0-sun-1:1.6.0.95-1jpp.3.el6_6
java-1.6.0-sun-1:1.6.0.95-1jpp.3.el7_1
java-1.6.0-sun-demo-1:1.6.0.95-1jpp.3.el5_11
java-1.6.0-sun-demo-1:1.6.0.95-1jpp.3.el6_6
java-1.6.0-sun-demo-1:1.6.0.95-1jpp.3.el7_1
java-1.6.0-sun-devel-1:1.6.0.95-1jpp.3.el5_11
java-1.6.0-sun-devel-1:1.6.0.95-1jpp.3.el6_6
java-1.6.0-sun-devel-1:1.6.0.95-1jpp.3.el7_1
java-1.6.0-sun-jdbc-1:1.6.0.95-1jpp.3.el5_11
java-1.6.0-sun-jdbc-1:1.6.0.95-1jpp.3.el6_6
java-1.6.0-sun-jdbc-1:1.6.0.95-1jpp.3.el7_1
java-1.6.0-sun-plugin-1:1.6.0.95-1jpp.3.el5_11
java-1.6.0-sun-plugin-1:1.6.0.95-1jpp.3.el6_6
java-1.6.0-sun-plugin-1:1.6.0.95-1jpp.3.el7_1
java-1.6.0-sun-src-1:1.6.0.95-1jpp.3.el5_11
java-1.6.0-sun-src-1:1.6.0.95-1jpp.3.el6_6
java-1.6.0-sun-src-1:1.6.0.95-1jpp.3.el7_1
java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5
java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6
java-1.6.0-ibm-accessibility-1:1.6.0.16.4-1jpp.1.el5
java-1.6.0-ibm-demo-1:1.6.0.16.4-1jpp.1.el5
java-1.6.0-ibm-demo-1:1.6.0.16.4-1jpp.1.el6_6
java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5
java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6
java-1.6.0-ibm-javacomm-1:1.6.0.16.4-1jpp.1.el5
java-1.6.0-ibm-javacomm-1:1.6.0.16.4-1jpp.1.el6_6
java-1.6.0-ibm-jdbc-1:1.6.0.16.4-1jpp.1.el5
java-1.6.0-ibm-jdbc-1:1.6.0.16.4-1jpp.1.el6_6
java-1.6.0-ibm-plugin-1:1.6.0.16.4-1jpp.1.el5
java-1.6.0-ibm-plugin-1:1.6.0.16.4-1jpp.1.el6_6
java-1.6.0-ibm-src-1:1.6.0.16.4-1jpp.1.el5
java-1.6.0-ibm-src-1:1.6.0.16.4-1jpp.1.el6_6
java-1.7.0-ibm-1:1.7.0.9.0-1jpp.1.el5
java-1.7.0-ibm-demo-1:1.7.0.9.0-1jpp.1.el5
java-1.7.0-ibm-devel-1:1.7.0.9.0-1jpp.1.el5
java-1.7.0-ibm-jdbc-1:1.7.0.9.0-1jpp.1.el5
java-1.7.0-ibm-plugin-1:1.7.0.9.0-1jpp.1.el5
java-1.7.0-ibm-src-1:1.7.0.9.0-1jpp.1.el5
java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.ael7b_1
java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.el6_6
java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.el7_1
java-1.7.1-ibm-demo-1:1.7.1.3.0-1jpp.2.ael7b_1
java-1.7.1-ibm-demo-1:1.7.1.3.0-1jpp.2.el6_6
java-1.7.1-ibm-demo-1:1.7.1.3.0-1jpp.2.el7_1
java-1.7.1-ibm-devel-1:1.7.1.3.0-1jpp.2.ael7b_1
java-1.7.1-ibm-devel-1:1.7.1.3.0-1jpp.2.el6_6
java-1.7.1-ibm-devel-1:1.7.1.3.0-1jpp.2.el7_1
java-1.7.1-ibm-jdbc-1:1.7.1.3.0-1jpp.2.ael7b_1
java-1.7.1-ibm-jdbc-1:1.7.1.3.0-1jpp.2.el6_6
java-1.7.1-ibm-jdbc-1:1.7.1.3.0-1jpp.2.el7_1
java-1.7.1-ibm-plugin-1:1.7.1.3.0-1jpp.2.el6_6
java-1.7.1-ibm-plugin-1:1.7.1.3.0-1jpp.2.el7_1
java-1.7.1-ibm-src-1:1.7.1.3.0-1jpp.2.ael7b_1
java-1.7.1-ibm-src-1:1.7.1.3.0-1jpp.2.el6_6
java-1.7.1-ibm-src-1:1.7.1.3.0-1jpp.2.el7_1
java-1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el5
java-1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el6_6
java-1.5.0-ibm-accessibility-1:1.5.0.16.10-1jpp.1.el5
java-1.5.0-ibm-demo-1:1.5.0.16.10-1jpp.1.el5
java-1.5.0-ibm-demo-1:1.5.0.16.10-1jpp.1.el6_6
java-1.5.0-ibm-devel-1:1.5.0.16.10-1jpp.1.el5
java-1.5.0-ibm-devel-1:1.5.0.16.10-1jpp.1.el6_6
java-1.5.0-ibm-javacomm-1:1.5.0.16.10-1jpp.1.el5
java-1.5.0-ibm-javacomm-1:1.5.0.16.10-1jpp.1.el6_6
java-1.5.0-ibm-jdbc-1:1.5.0.16.10-1jpp.1.el5
java-1.5.0-ibm-jdbc-1:1.5.0.16.10-1jpp.1.el6_6
java-1.5.0-ibm-plugin-1:1.5.0.16.10-1jpp.1.el5
java-1.5.0-ibm-plugin-1:1.5.0.16.10-1jpp.1.el6_6
java-1.5.0-ibm-src-1:1.5.0.16.10-1jpp.1.el5
java-1.5.0-ibm-src-1:1.5.0.16.10-1jpp.1.el6_6
java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5
java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6
java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el5
java-1.6.0-ibm-devel-1:1.6.0.16.4-1jpp.1.el6_6

refmap via4

bid	13083
bugtraq	20050412 7a69Adv#23 - Jar tool directory transversal vulnerability
confirm	http://advisories.mageia.org/MGASA-2015-0158.html https://bugzilla.redhat.com/show_bug.cgi?id=594497 https://bugzilla.redhat.com/show_bug.cgi?id=601823
mandriva	MDVSA-2015:212
misc	http://www.securiteam.com/securitynews/5IP0C0AFGW.html
mlist	[oss-security] 20100608 Re: jar, fastjar directory traversal vulnerabilities [oss-security] 20100608 jar, fastjar directory traversal vulnerabilities
secunia	14902

Last major update

03-01-2017 - 02:59

Published

02-05-2005 - 04:00

Last modified

03-01-2017 - 02:59