Directory Traversal

2019-01-1509:05:18

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.005 Low

EPSS

Percentile

76.2%

JSON

openjdk is vulnerable to directory traversal. A remote attacker is able to create or overwrite arbitrary files on the system using a malicious JAR archive containing files with ../ characters. The malicious file operations will be performed when the JAR archive is extracted

CPENameOperatorVersion
java-1.7.0-openjdkeq1.7.0.9__2.3.5.3.el6_3
java-1.7.0-openjdkeq1.7.0.45__2.4.3.2.el6_4
java-1.7.0-openjdkeq1.7.0.55__2.4.7.1.el6_5
java-1.7.0-openjdkeq1.7.0.55__2.4.7.1.el5_10
java-1.7.0-openjdkeq1.7.0.45__2.4.3.4.el6_5
java-1.7.0-openjdkeq1.7.0.71__2.5.3.1.el6
java-1.7.0-openjdkeq1.7.0.25__2.3.10.5.el5_9
java-1.7.0-openjdkeq1.7.0.51__2.4.4.2.el5_10
java-1.7.0-openjdkeq1.7.0.75__2.5.4.0.el5_11
java-1.7.0-openjdkeq1.7.0.9__2.3.4.1.el6_3

Name	Operator	Version
java-1.7.0-openjdk	eq	1.7.0.9__2.3.5.3.el6_3
java-1.7.0-openjdk	eq	1.7.0.45__2.4.3.2.el6_4
java-1.7.0-openjdk	eq	1.7.0.55__2.4.7.1.el6_5
java-1.7.0-openjdk	eq	1.7.0.55__2.4.7.1.el5_10
java-1.7.0-openjdk	eq	1.7.0.45__2.4.3.4.el6_5
java-1.7.0-openjdk	eq	1.7.0.71__2.5.3.1.el6
java-1.7.0-openjdk	eq	1.7.0.25__2.3.10.5.el5_9
java-1.7.0-openjdk	eq	1.7.0.51__2.4.4.2.el5_10
java-1.7.0-openjdk	eq	1.7.0.75__2.5.4.0.el5_11
java-1.7.0-openjdk	eq	1.7.0.9__2.3.4.1.el6_3