published date: March 14, 2005

CVE-2005-0471 : Sun Java JRE 1.1.x...

Description

Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names.

Product(s):

Sun JDK 1.1.0
Sun JDK 1.2.0
Sun JDK 1.3.0
Sun JDK 1.4.0
Sun JDK 1.5.0
Sun JDK 5.0 Update10
Sun JDK 5.0 Update11
Sun JDK 1.5.0_11 b03
Sun JDK 5.0 Update12
Sun JDK 5.0 Update 13
Sun JDK 5.0 Update 14
Sun JDK 5.0 Update 15
Sun JDK 5.0 Update 16
Sun JDK 5.0 Update 17
Sun JDK 5.0 Update 18
Sun JDK 5.0 Update 19
Sun JDK 5.0 Update1
Sun JDK 5.0 Update 20
Sun JDK 5.0 Update 21
Sun JDK 5.0 Update 22
Sun JDK 5.0 Update 23
Sun JDK 5.0 Update 24
Sun JDK 5.0 Update 25
Sun JDK 5.0 Update 26
Sun JDK 5.0 Update 27
Sun JDK 5.0 Update 28
Sun JDK 5.0 Update 29
Sun JDK 5.0 Update2
Sun JDK 5.0 Update 31
Sun JDK 1.5.0_33 (JDK 5.0 Update 33)
Sun JDK 5.0 Update3
Sun JDK 5.0 Update4
Sun JDK 5.0 Update5
Sun JDK 1.5.0_6
Sun JDK 5.0 Update7
Sun JDK 1.5 _07-b03
Sun JDK 5.0 Update8
Sun JDK 5.0 Update9
Sun JRE 1.1
Sun JRE 1.2
Sun J2RE 1.3.0
Sun JRE 1.3.0 for Solaris
Sun JRE 1.3.0 for Windows
Sun JRE 1.3.0
Sun J2RE 1.3.0_01
Sun JRE 1.3.0 Update 1 for Linux
Sun J2RE 1.3.0_02
Sun JRE 1.3.0 Update 2 for Solaris
Sun JRE 1.3.0 Update 2 for Windows
Sun JRE 1.3.0 Update 2 Linux Edition
Sun J2RE 1.3.0_03
Sun J2RE 1.3.0_04
Sun J2RE 1.3.0_05
Sun JRE 1.3.0 Update 5 for Linux
Sun JRE 1.3.0 Update 5 for Solaris
Sun JRE 1.3.0 Update 5 for Windows
Sun JRE 1.4
Sun JRE 1.4 for Linux
Sun JRE 1.4 for Solaris
Sun JRE 1.4 for Windows
Sun JRE 1.5.0
Sun JRE 1.5.0_10 (JRE 5.0 Update 10)
Sun JRE 1.5.0_11 (JRE 5.0 Update 11)
Sun JRE 1.5.0_12 (JRE 5.0 Update 12)
Sun JRE 1.5.0_13 (JRE 5.0 Update 13)
Sun JRE 1.5.0_14 (JRE 5.0 Update 14)
Sun JRE 1.5.0_15 (JRE 5.0 Update 15)
Sun JRE 1.5.0_16 (JRE 5.0 Update 16)
Sun JRE 1.5.0_17 (JRE 5.0 Update 17)
Sun JRE 1.5.0_18 (JRE 5.0 Update 18)
Sun JRE 1.5.0_19 (JRE 5.0 Update 19)
Sun JRE 1.5.0_1 (JRE 5.0 Update 1)
Sun JRE 1.5.0_20 (JRE 5.0 Update 20)
Sun JRE 1.5.0_21 (JRE 5.0 Update 21)
Sun JRE 1.5.0_22 (JRE 5.0 Update 22)
Sun JRE 1.5.0_23 (JRE 5.0 Update 23)
Sun JRE 1.5.0_24 (JRE 5.0 Update 24)
Sun JRE 1.5.0_25 (JRE 5.0 Update 25)
Sun JRE 1.5.0_26 (JRE 5.0 Update 26)
Sun JRE 1.5.0_27 (JRE 5.0 Update 27)
Sun JRE 1.5.0_28 (JRE 5.0 Update 28)
Sun JRE 1.5.0_29 (JRE 5.0 Update 29)
Sun JRE 1.5.0_2 (JRE 5.0 Update 2)
Sun JRE 1.5.0_31 (JRE 5.0 Update 31)
Sun JRE 1.5.0_33 (JRE 5.0 Update 33)
Sun JRE 1.5.0_3 (JRE 5.0 Update 3)
Sun JRE 1.5.0_4 (JRE 5.0 Update 4)
Sun JRE 1.5.0_5 (JRE 5.0 Update 5)
Sun JRE 1.5.0_6 (JRE 5.0 Update 6)
Sun JRE 1.5.0_7 (JRE 5.0 Update 7)
Sun JRE 1.5.0_8 (JRE 5.0 Update 8)
Sun JRE 1.5.0_9 (JRE 5.0 Update 9)

CVSS:5 [Critical]
EPSS:1.40%
Exploitability:10
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2005-0471, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2005-0471 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-2005-0471

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales