CVE-2008-3112

Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.

🔗 References (82)

• cve@mitrehttp://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html
• cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
• cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html
• cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html
• cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html
• cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
• cve@mitrehttp://marc.info/?l=bugtraq&m=122331139823057&w=2
• cve@mitrehttp://rhn.redhat.com/errata/RHSA-2008-0955.html
• cve@mitrehttp://secunia.com/advisories/31010
• cve@mitrehttp://secunia.com/advisories/31055
• cve@mitrehttp://secunia.com/advisories/31320
• cve@mitrehttp://secunia.com/advisories/31497
• cve@mitrehttp://secunia.com/advisories/31600
• cve@mitrehttp://secunia.com/advisories/31736
• cve@mitrehttp://secunia.com/advisories/32018