CVE-2005-0836

2005-05-0204:00:00

[email protected]

web.nvd.nist.gov

cve

2005

0836

argument injection

java web start

j2se 1.4.2

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.433 Medium

EPSS

Percentile

97.4%

JSON

Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file.

Affected configurations

NVD

Node

sunj2seMatch1.4.2sdk

sunj2seMatch1.4.2_01sdk

sunj2seMatch1.4.2_02sdk

sunj2seMatch1.4.2_03sdk

sunj2seMatch1.4.2_04sdk

sunj2seMatch1.4.2_05sdk

sunj2seMatch1.4.2_06sdk

CPENameOperatorVersion
sun:j2sesun j2seeq1.4.2
sun:j2sesun j2seeq1.4.2_01
sun:j2sesun j2seeq1.4.2_02
sun:j2sesun j2seeq1.4.2_03
sun:j2sesun j2seeq1.4.2_04
sun:j2sesun j2seeq1.4.2_05
sun:j2sesun j2seeq1.4.2_06

CPE	Name	Operator	Version
sun:j2se	sun j2se	eq	1.4.2
sun:j2se	sun j2se	eq	1.4.2_01
sun:j2se	sun j2se	eq	1.4.2_02
sun:j2se	sun j2se	eq	1.4.2_03
sun:j2se	sun j2se	eq	1.4.2_04
sun:j2se	sun j2se	eq	1.4.2_05
sun:j2se	sun j2se	eq	1.4.2_06