CVE-2008-3112 — Path Traversal in JDK

CWE-2645 documents5 sources

Severity

10.0CRITICALNVD

EPSS

7.3%

top 8.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE SUN SDK

Timeline

PublishedJul 9

Latest updateMay 1

Description

Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDsun/jdk5.0+3

▶NVDsun/jre1.4.2_17+21

▶NVDsun/sdk18 versions+17

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-f5xr-w782-5rg9: Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5↗2022-05-01

▶

CVEList

CVE-2008-3112: Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5↗2008-07-09

▶

📋Vendor Advisories

Red Hat

Java Web Start, arbitrary file creation (6703909)↗2008-07-08

▶

💬Community

Bugzilla

CVE-2008-3112 Java Web Start, arbitrary file creation (6703909)↗2008-07-09

▶