CVE-2005-1080

Publication date 2 May 2005

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

Description

Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.

Read the notes from the security team

Status

Package Ubuntu Release Status
openjdk-6 16.04 LTS xenial Not in release
15.10 wily Ignored end of life
15.04 vivid
Not affected
14.10 utopic
Fixed 6b35-1.13.7-1ubuntu0.14.10.1
14.04 LTS trusty
Fixed 6b35-1.13.7-1ubuntu0.14.04.1
13.10 saucy Ignored end of life
13.04 raring Ignored end of life
12.10 quantal Ignored end of life
12.04 LTS precise
Fixed 6b35-1.13.7-1ubuntu0.12.04.2
11.10 oneiric Ignored end of life
11.04 natty Ignored end of life
10.10 maverick Ignored end of life
10.04 LTS lucid
Fixed 6b35-1.13.7-1ubuntu0.10.04.2
9.10 karmic Ignored end of life
9.04 jaunty Ignored end of life
8.04 LTS hardy Ignored end of life
6.06 LTS dapper Not in release
sun-java5 16.04 LTS xenial Not in release
15.10 wily Not in release
15.04 vivid Not in release
14.10 utopic Not in release
14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid Not in release
9.10 karmic Not in release
9.04 jaunty Ignored end of life
8.10 intrepid Ignored end of life
8.04 LTS hardy Ignored end of life
6.06 LTS dapper Ignored end of life
sun-java6 16.04 LTS xenial Not in release
15.10 wily Not in release
15.04 vivid Not in release
14.10 utopic Not in release
14.04 LTS trusty Not in release
13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid Not in release
9.10 karmic Ignored end of life
9.04 jaunty Ignored end of life
8.10 intrepid Ignored end of life
8.04 LTS hardy Ignored end of life
6.06 LTS dapper Not in release

Notes

sbeattie

test script: https://bugzilla.redhat.com/attachment.cgi?id=415508 oracle re-issued a cve for this as CVE-2015-0480

References

Other references