(1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.2_08, 1.4.2_09, and 1.5.0_05 and possibly other versions allow remote attackers to cause a denial of service (JVM unresponsive) via a crafted serialized object, such as a font object as demonstrated on JBoss.
Max CVSS
7.8
EPSS Score
27.78%
Published
2005-11-16
Updated
2016-10-18
Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.
Max CVSS
5.0
EPSS Score
0.49%
Published
2005-05-02
Updated
2017-01-03
The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service (Java Virtual Machine hang) via object deserialization.
Max CVSS
5.0
EPSS Score
0.53%
Published
2005-05-02
Updated
2016-10-18
3 vulnerabilities found