Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.6
CVSSv2

CVE-2006-3619

Published: 25/07/2006 Updated: 11/10/2017
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Summary

Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and previous versions, and 3.4.6 and previous versions, allows user-assisted malicious users to overwrite arbitrary files via a .jar file containing filenames with "../" sequences.

Vulnerable Product Search on Vulmon Subscribe to Product

fastjar fastjar 0.93

Vendor Advisories

Debian Security Advisories: DSA-1170-1 gcc-3.4 -- missing sanity check
Jürgen Weigert discovered that upon unpacking JAR archives fastjar from the GNU Compiler Collection does not check the path for included files and allows to create or overwrite files in upper directories For the stable distribution (sarge) this problem has been fixed in version 343-13sarge1 For the unstable distribution (sid) this problem has ...

References

NVD-CWE-Otherhttp://gcc.gnu.org/bugzilla/show_bug.cgi?id=28359http://lists.debian.org/debian-gcc/2006/05/msg00317.htmlhttp://www.securityfocus.com/bid/15669http://www.osvdb.org/21337http://secunia.com/advisories/17839http://secunia.com/advisories/21100http://www.debian.org/security/2006/dsa-1170http://secunia.com/advisories/21797http://www.redhat.com/support/errata/RHSA-2007-0220.htmlhttp://secunia.com/advisories/25098http://www.securitytracker.com/id?1017987http://support.avaya.com/elmodocs2/security/ASA-2007-189.htmhttp://secunia.com/advisories/25281http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.htmlhttp://security.gentoo.org/glsa/glsa-200711-23.xmlhttp://rhn.redhat.com/errata/RHSA-2007-0473.htmlftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.aschttp://secunia.com/advisories/25633http://secunia.com/advisories/25894http://secunia.com/advisories/26909http://secunia.com/advisories/27706http://www.mandriva.com/security/advisories?name=MDVSA-2008:066http://secunia.com/advisories/29334http://www.vupen.com/english/advisories/2007/3229http://www.vupen.com/english/advisories/2005/2686http://www.vupen.com/english/advisories/2006/2866https://exchange.xforce.ibmcloud.com/vulnerabilities/27806https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9617https://nvd.nist.govhttps://www.debian.org/security/./dsa-1170
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073CVE-2024-5496CVE-2024-5495XPath injectionbypassCVE-2024-30043CVE-2024-24919denial of serviceCVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook