CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2003-1156

Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 20.1%

CVSS Severity

CVSS v2 Score 4.6

References

http://www.securityfocus.com/archive/1/343038
http://www.securityfocus.com/bid/8937
https://exchange.xforce.ibmcloud.com/vulnerabilities/13570
http://www.securityfocus.com/archive/1/343038
http://www.securityfocus.com/bid/8937
https://exchange.xforce.ibmcloud.com/vulnerabilities/13570

Products affected by CVE-2003-1156

Sun » Jdk » Version: 1.4.2

cpe:2.3:a:sun:jdk:1.4.2
Sun » Jdk » Version: 1.4.2_02

cpe:2.3:a:sun:jdk:1.4.2_02
Sun » Jre » Version: 1.4.2

cpe:2.3:a:sun:jre:1.4.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2003-1156

Products

Pricing

Contact Us