Vulnerability Description
Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Jdk | 1.4.2 |
| Sun | Jre | 1.4.2 |
References
- http://www.securityfocus.com/archive/1/343038 (Exploit)
- http://www.securityfocus.com/bid/8937
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13570
FAQ
What is CVE-2003-1156?
CVE-2003-1156 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpac...
How severe is CVE-2003-1156?
CVE-2003-1156 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2003-1156?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Jdk, Sun Jre.