Lucene search

[email protected]CVE-2007-2435

HistoryMay 02, 2007 - 10:19 a.m.

CVE-2007-2435

2007-05-0210:19:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2007-2435

sun java

web start

jdk

jre 5.0

vulnerability

nvd

unauthorized actions

system classes

jnlp files

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.032 Low

EPSS

Percentile

91.2%

JSON

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to “Incorrect Use of System Classes” and probably related to support for JNLP files.

Affected configurations

NVD

Node

sunjava_enterprise_systemRange≤5.0update10

sunjreRange≤1.4.2update13

sunjreRange≤1.5.0update10

sunsdkRange≤1.4.3_13

CPENameOperatorVersion
sun:java_enterprise_systemsun java enterprise systemle5.0
sun:jresun jrele1.4.2
sun:jresun jrele1.5.0
sun:sdksun sdkle1.4.3_13

CPE	Name	Operator	Version
sun:java_enterprise_system	sun java enterprise system	le	5.0
sun:jre	sun jre	le	1.4.2
sun:jre	sun jre	le	1.5.0
sun:sdk	sun sdk	le	1.4.3_13

References

dev2dev.bea.com/pub/advisory/241

docs.info.apple.com/article.html?artnum=307177

lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

osvdb.org/35483

secunia.com/advisories/25069

secunia.com/advisories/25283

secunia.com/advisories/25413

secunia.com/advisories/25474

secunia.com/advisories/25832

secunia.com/advisories/26311

secunia.com/advisories/26369

secunia.com/advisories/28115

secunia.com/advisories/29858

secunia.com/advisories/30780

security.gentoo.org/glsa/glsa-200706-08.xml

security.gentoo.org/glsa/glsa-200804-28.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1

support.avaya.com/elmodocs2/security/ASA-2007-199.htm

www.gentoo.org/security/en/glsa/glsa-200705-23.xml

www.gentoo.org/security/en/glsa/glsa-200804-20.xml

www.gentoo.org/security/en/glsa/glsa-200806-11.xml

www.redhat.com/support/errata/RHSA-2007-0817.html

www.redhat.com/support/errata/RHSA-2007-0829.html

www.redhat.com/support/errata/RHSA-2008-0261.html

www.securityfocus.com/bid/23728

www.securitytracker.com/id?1017986

www.vupen.com/english/advisories/2007/1598

www.vupen.com/english/advisories/2007/1814

www.vupen.com/english/advisories/2007/4224

exchange.xforce.ibmcloud.com/vulnerabilities/33984

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.032 Low

EPSS

Percentile

91.2%

JSON

Related for CVE-2007-2435

cvelist1 nessus10 jvn1 prion1 ubuntucve1 nvd1 openvas10 gentoo3 securityvulns2 redhat4