CVE-2005-0471: Path Equivalence: Windows 8.3 Filename in JDK

Severity: 5.0 MEDIUM (NVD)
EPSS: 1.4% (top 19.58%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 14; latest update May 1

Description

Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

NVD: sun/jdk, 5 versions +4
NVD: sun/jre, 5 versions +4

Vulnerability Details (2)

GHSA: GHSA-cv25-vvrw-9p8p: Sun Java JRE 1 (2022-05-01)
CVEList: CVE-2005-0471: Sun Java JRE 1 (2005-02-19)

Framework References (2)

CWE: Path Equivalence: Windows 8.3 Filename
CWE: Improper Resolution of Path Equivalence
CVE-2005-0471 — Path Equivalence: Windows 8.3 Filename | cvebase