CVE-2008-3112

Currently unrated

Key Information:

Vendor: Oracle
Status: Jdk; Jre; Sdk
Vendor: CVE Published:; 9 July 2008

Summary

Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.

References

http://lists.apple.com/archives/security-announce//2008/S...

vendor-advisoryx_refsource_APPLE

http://marc.info/?l=bugtraq&m=122331139823057&w=2

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/32436

third-party-advisoryx_refsource_SECUNIA

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 9, 2008
Vulnerability Reserved
Jul 9, 2008