CVE Reference: CVE-2008-3112

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2008-3112

Description:
Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/43666

SUSE
  http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
  http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html
  http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html
  http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html
  http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html

SUNALERT
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1

ST
  1020452

SAID
  Secunia Advisory: SA35065
  Secunia Advisory: SA37386
  Secunia Advisory: SA31736
  Secunia Advisory: SA31010
  Secunia Advisory: SA31055
  Secunia Advisory: SA31320
  Secunia Advisory: SA31497
  Secunia Advisory: SA31600
  Secunia Advisory: SA32018
  Secunia Advisory: SA32180
  Secunia Advisory: SA32179
  Secunia Advisory: SA32436
  Secunia Advisory: SA32826
  Secunia Advisory: SA33194

REDHAT
  http://www.redhat.com/support/errata/RHSA-2008-0906.html
  http://rhn.redhat.com/errata/RHSA-2008-0955.html
  http://www.redhat.com/support/errata/RHSA-2008-0790.html
  http://www.redhat.com/support/errata/RHSA-2008-0595.html
  http://www.redhat.com/support/errata/RHSA-2008-0594.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11102

MISC
  http://www.zerodayinitiative.com/advisories/ZDI-08-042/

GENTOO
  http://security.gentoo.org/glsa/glsa-200911-02.xml

CONFIRM
  http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm
  http://www.vmware.com/security/advisories/VMSA-2008-0016.html
  http://support.apple.com/kb/HT3179
  http://support.apple.com/kb/HT3178

CERT
  http://www.us-cert.gov/cas/techalerts/TA08-193A.html

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/497041/100/0/threaded
  http://marc.info/?l=bugtraq&m=122331139823057&w=2

BID
  30148

APPLE
  http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html


Return to the previous page.