CVE-2015-0480: Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors…

CVE-2015-0460 [CRITICAL] OpenJDK 6 vulnerabilities Title: OpenJDK 6 vulnerabilities Summary: Several security issues were fixed in OpenJDK 6. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469) Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. (CVE-2015-0480) Florian Weimer discovered that the RSA implementation in the JCE component in OpenJDK JRE did not follow recommended practices for implementing RSA signatures. An attacker could use this to expose sensitive data. (CVE-2015-0478) A vulnerabilit

CVE-2015-0460 [CRITICAL] OpenJDK 7 vulnerabilities Title: OpenJDK 7 vulnerabilities Summary: Several security issues were fixed in OpenJDK 7. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469) Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. (CVE-2015-0480) Florian Weimer discovered that the RSA implementation in the JCE component in OpenJDK JRE did not follow recommended practices for implementing RSA signatures. An attacker could use this to expose sensitive data. (CVE-2015-0478) A vulnerabilit

CVE-2015-0480 [MEDIUM] CVE-2015-0480: openjdk-8 - Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows ... Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools. Scope: local sid: resolved (fixed in 8u45-b14-1)

CVE-2015-0480 [MEDIUM] CWE-22 OpenJDK: jar directory traversal issues (Tools, 8064601) OpenJDK: jar directory traversal issues (Tools, 8064601) Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools. A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted.

CVE-2015-0480 [MEDIUM] GHSA-vhvr-cgg2-5j24: Unspecified vulnerability in Oracle Java SE 5 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools.

CVE-2015-0460 [CRITICAL] openjdk-7 vulnerabilities openjdk-7 vulnerabilities Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2015-0460, CVE-2015-0469) Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. (CVE-2015-0480) Florian Weimer discovered that the RSA implementation in the JCE component in OpenJDK JRE did not follow recommended practices for implementing RSA signatures. An attacker could use this to expose sensitive data. (CVE-2015-0478) A vulnerability was discovered in the OpenJDK JRE related to data integrity. An

CVE-2015-0480 [MEDIUM] CVE-2015-0480: Unspecified vulnerability in Oracle Java SE 5 Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools.

CVE-2015-0480 [MEDIUM] CVE-2015-0480 OpenJDK: jar directory traversal issues (Tools, 8064601) CVE-2015-0480 OpenJDK: jar directory traversal issues (Tools, 8064601) A directory traversal flaw was found in jar, The Java Archive Tool. Relative paths containing '..' or absolute paths used for files stored in a specially-crafted jar archive could cause the jar tool to overwrite arbitrary files when the archive was extracted. With this update, jar strips leading '/' or path prefix that contains '..'. New command line option -P can be used to revert back to the old insecure behavior which preserves absolute paths and paths with '..'. This issue was reported multiple times in the past and already got CVE-2005-1080 (bug 606442) assigned. This CVE is a duplicate of the old 2005 id. Discussion: Public now via Oracle Critical Patch Update - April 2015. Fixed in Oracle Java SE 6u95, 7u79,

CVE-2005-1080 [MEDIUM] CVE-2005-1080 jar: directory traversal vulnerability CVE-2005-1080 jar: directory traversal vulnerability Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2, 1.5 allows remote attackers to write arbitrary files via a .. (dot dot) in filenames in a .jar file. Initially the directory traversal flaw was reported for fastjar (see bug #594497) but was later found to also affect jar. The vulnerability in jar was reported in January 2005 but was never corrected upstream (CVE-2005-1080). Bug #594497 has a test script to determine if the vulnerability is present in jar as well as fastjar. Discussion: Created java-1.6.0-openjdk tracking bugs for this issue Affects: fedora-all [bug 601824] --- Statement: (none) --- *** Bug 1180589 has been marked as a duplicate of this bug. *** --- This issue has been