CVE-2005-0836

2005-05-0204:00:00

mitre

web.nvd.nist.gov

cve

2005

0836

argument injection

java web start

j2se 1.4.2

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

0.433

Percentile

97.4%

JSON

Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file.

Affected configurations

Nvd

Node

sunj2seMatch1.4.2sdk

sunj2seMatch1.4.2_01sdk

sunj2seMatch1.4.2_02sdk

sunj2seMatch1.4.2_03sdk

sunj2seMatch1.4.2_04sdk

sunj2seMatch1.4.2_05sdk

sunj2seMatch1.4.2_06sdk

VendorProductVersionCPE
sunj2se1.4.2cpe:2.3:a:sun:j2se:1.4.2:*:sdk:*:*:*:*:*
sunj2se1.4.2_01cpe:2.3:a:sun:j2se:1.4.2_01:*:sdk:*:*:*:*:*
sunj2se1.4.2_02cpe:2.3:a:sun:j2se:1.4.2_02:*:sdk:*:*:*:*:*
sunj2se1.4.2_03cpe:2.3:a:sun:j2se:1.4.2_03:*:sdk:*:*:*:*:*
sunj2se1.4.2_04cpe:2.3:a:sun:j2se:1.4.2_04:*:sdk:*:*:*:*:*
sunj2se1.4.2_05cpe:2.3:a:sun:j2se:1.4.2_05:*:sdk:*:*:*:*:*
sunj2se1.4.2_06cpe:2.3:a:sun:j2se:1.4.2_06:*:sdk:*:*:*:*:*

Vendor	Product	Version	CPE
sun	j2se	1.4.2	cpe:2.3:a:sun:j2se:1.4.2::sdk:::::
sun	j2se	1.4.2_01	cpe:2.3:a:sun:j2se:1.4.2_01::sdk:::::
sun	j2se	1.4.2_02	cpe:2.3:a:sun:j2se:1.4.2_02::sdk:::::
sun	j2se	1.4.2_03	cpe:2.3:a:sun:j2se:1.4.2_03::sdk:::::
sun	j2se	1.4.2_04	cpe:2.3:a:sun:j2se:1.4.2_04::sdk:::::
sun	j2se	1.4.2_05	cpe:2.3:a:sun:j2se:1.4.2_05::sdk:::::
sun	j2se	1.4.2_06	cpe:2.3:a:sun:j2se:1.4.2_06::sdk:::::