Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
jvnJapan Vulnerability NotesJVN:29212182
HistoryJun 10, 2011 - 12:00 a.m.

JVN#29212182: Java Web Start may insecurely load policy files

2011-06-1000:00:00
Japan Vulnerability Notes
jvn.jp
15

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

EPSS

0.012

Percentile

85.5%

JSON

Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE (Java Runtime Environment) Java Web Start contains an issue with the file search path, which may insecurely load policy files.

Impact

An attacker may execute arbitrary code with the privilege of the running application.

Solution

Update the software
Update to the latest version according to the information provided by the developer.

Products Affected

  • Java SE 6 Update 25 and earlier for Windows

Related

cvelist 2
ubuntucve 2
nvd 2
prion 2
cve 2
openvas 2
suse 4
nessus 10
cvelist
cvelist
CVE-2011-0786
2011-06-14 18:00:00
CVE-2011-0788
2011-06-14 18:00:00
ubuntucve
ubuntucve
CVE-2011-0788
2011-06-14 00:00:00
CVE-2011-0786
2011-06-14 00:00:00
nvd
nvd
CVE-2011-0786
2011-06-14 18:55:01
CVE-2011-0788
2011-06-14 18:55:01
prion
prion
Design/Logic Flaw
2011-06-14 18:55:00
Design/Logic Flaw
2011-06-14 18:55:00
cve
cve
CVE-2011-0788
2011-06-14 18:55:01
CVE-2011-0786
2011-06-14 18:55:01
openvas
openvas
Oracle Java SE Multiple Unspecified Vulnerabilities 01 - June11 (Windows)
2011-06-24 00:00:00
Oracle Java SE Multiple Unspecified Vulnerabilities - 01 - (Jun 2011) - Windows
2011-06-24 00:00:00
suse
suse
remote code execution in java-1_6_0-ibm
2011-07-18 17:57:23
Security update for IBM Java (important)
2011-07-19 07:08:31
Sun/Oracle Java (critical)
2011-06-14 19:08:14
nessus
nessus
SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7627)
2011-12-13 00:00:00
SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4875)
2011-07-19 00:00:00
SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7626)
2011-07-19 00:00:00

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

EPSS

0.012

Percentile

85.5%

JSON
Related for JVN:29212182
cvelist2ubuntucve2nvd2prion2cve2openvas2suse4nessus10