- Description
- Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 6.4
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:jdk:1.4.2:*:linux:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37F8AA83-3B27-4EB5-BC5E-E541248F61F1"
},
{
"criteria": "cpe:2.3:a:sun:jdk:1.4.2_02:*:linux:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3AF426F2-93EF-4F2C-AD0C-8AB40AD72364"
},
{
"criteria": "cpe:2.3:a:sun:jre:1.4.2:*:linux:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1D1C4B12-6949-4399-BC8D-3B018213FF0B"
},
{
"criteria": "cpe:2.3:a:sun:jre:1.4.2:update2:linux:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CF77B446-426C-4480-9B9A-DD98F7ED82AE"
}
],
"operator": "OR"
}
]
}
]