FreeBSD : jdk -- jar directory traversal vulnerability (18e5428f-ae7c-11d9-837d-000e0c2e438a)
Medium Nessus Plugin ID 18852
The remote FreeBSD host is missing one or more security-related updates.
Pluf has discovered a vulnerability in Sun Java JDK/SDK, which potentially can be exploited by malicious people to compromise a user's system. The jar tool does not check properly if the files to be extracted have the string '../' on its names, so it's possible for an attacker to create a malicious jar file in order to overwrite arbitrary files within the filesystem.