CVE-2008-3112

Sun Java Web Start <6 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.

References (41)

Core 41

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/43666

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11102

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=122331139823057&w=2

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32436

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32826

Vendor Advisory x_refsource_confirm

http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31600

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32018

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200911-02.xml

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32179

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33194

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2740

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31320

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html

Third Party Advisory x_refsource_misc

http://www.zerodayinitiative.com/advisories/ZDI-08-042/

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2056/references

Patch vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31055

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32180

Vendor Advisory x_refsource_confirm

http://www.vmware.com/security/advisories/VMSA-2008-0016.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31736

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35065

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT3178

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1020452

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/30148

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0594.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31497

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2008-0955.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/497041/100/0/threaded

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0790.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0906.html

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA08-193A.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37386

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT3179

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0595.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31010

Scores

EPSS 0.0731

EPSS Percentile 91.8%

Details

CWE

CWE-264

Status published

Products (22)

sun/jdk 5.0 update_10 (13 CPE variants)

sun/jdk 6 update_1 (5 CPE variants)

sun/jdk < 5.0

sun/jdk < 6

sun/jre 1.4.2

sun/jre 1.4.2_01

sun/jre 1.4.2_02

sun/jre 1.4.2_03

sun/jre 1.4.2_04

sun/jre 1.4.2_05

... and 12 more

Published Jul 09, 2008

Tracked Since Feb 18, 2026