Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.
http://advisories.mageia.org/MGASA-2015-0158.html
http://marc.info/?l=bugtraq&m=111331593310508&w=2
http://marc.info/?l=oss-security&m=127602564508766&w=2
http://marc.info/?l=oss-security&m=127603032617644&w=2
http://rhn.redhat.com/errata/RHSA-2015-0806.html
http://rhn.redhat.com/errata/RHSA-2015-0807.html
http://rhn.redhat.com/errata/RHSA-2015-0808.html
http://rhn.redhat.com/errata/RHSA-2015-0809.html
http://rhn.redhat.com/errata/RHSA-2015-0854.html
http://rhn.redhat.com/errata/RHSA-2015-0857.html
http://rhn.redhat.com/errata/RHSA-2015-0858.html
http://rhn.redhat.com/errata/RHSA-2015-1006.html
http://rhn.redhat.com/errata/RHSA-2015-1007.html
http://rhn.redhat.com/errata/RHSA-2015-1020.html
http://rhn.redhat.com/errata/RHSA-2015-1021.html
http://rhn.redhat.com/errata/RHSA-2015-1091.html
http://secunia.com/advisories/14902
http://www.mandriva.com/security/advisories?name=MDVSA-2015:212
http://www.securiteam.com/securitynews/5IP0C0AFGW.html
http://www.securityfocus.com/bid/13083
Source: MITRE
Published: 2005-05-02
Updated: 2017-01-03
Type: NVD-CWE-Other
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM