SUN » JRE » 1.5.0 update11 : Security Vulnerabilities, CVEs, (Directory traversal)

cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*

CVE-2009-3728

Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.
Max CVSS
5.0
EPSS Score
0.70%
Published
2009-11-09
Updated
2018-10-30

CVE-2007-3504

Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file.
Max CVSS
9.3
EPSS Score
17.54%
Published
2007-06-30
Updated
2018-10-15
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close