ID: CVE-2006-0616
Type: cve
Reporter: NVD
Modified: 2017-07-19T21:29:55
Description
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue."
{"osvdb": [{"lastseen": "2017-04-28T13:20:20", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1)\n[Vendor Specific Advisory URL](http://security.gentoo.org/glsa/glsa-200602-07.xml)\nSecurity Tracker: 1015596\n[Secunia Advisory ID:18760](https://secuniaresearch.flexerasoftware.com/advisories/18760/)\n[Secunia Advisory ID:18884](https://secuniaresearch.flexerasoftware.com/advisories/18884/)\n[Related OSVDB ID: 23091](https://vulners.com/osvdb/OSVDB:23091)\n[Related OSVDB ID: 23092](https://vulners.com/osvdb/OSVDB:23092)\n[Related OSVDB ID: 23093](https://vulners.com/osvdb/OSVDB:23093)\n[Related OSVDB ID: 23095](https://vulners.com/osvdb/OSVDB:23095)\n[Related OSVDB ID: 23096](https://vulners.com/osvdb/OSVDB:23096)\n[Related OSVDB ID: 23097](https://vulners.com/osvdb/OSVDB:23097)\nKeyword: BugID: 6316322\n[CVE-2006-0616](https://vulners.com/cve/CVE-2006-0616)\nCERT VU: 759996\n", "modified": "2006-02-07T04:18:43", "published": "2006-02-07T04:18:43", "href": "https://vulners.com/osvdb/OSVDB:23094", "id": "OSVDB:23094", "title": "Sun Java JRE Unspecified reflection API Privilege Escalation (6316322)", "type": "osvdb", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-01-16T20:06:32", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200602-07\n(Sun JDK/JRE: Applet privilege escalation)\n\n Applets executed using JRE or JDK can use 'reflection' APIs\n functions to elevate its privileges beyond the sandbox restrictions.\n Adam Gowdiak discovered five vulnerabilities that use this method for\n privilege escalation. Two more vulnerabilities were discovered by the\n vendor. 
Peter Csepely discovered that Web Start Java applications also\n can an escalate their privileges.\nImpact :\n\n A malicious Java applet can bypass Java sandbox restrictions and\n hence access local files, connect to arbitrary network locations and\n execute arbitrary code on the user's machine. Java Web Start\n applications are affected likewise.\nWorkaround :\n\n Select another Java implementation using java-config.", "modified": "2018-11-19T00:00:00", "published": "2006-02-15T00:00:00", "id": "GENTOO_GLSA-200602-07.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20921", "title": "GLSA-200602-07 : Sun JDK/JRE: Applet privilege escalation", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200602-07.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20921);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/19 11:02:41\");\n\n script_cve_id(\"CVE-2006-0614\", \"CVE-2006-0615\", \"CVE-2006-0616\", \"CVE-2006-0617\");\n script_bugtraq_id(15615);\n script_xref(name:\"GLSA\", value:\"200602-07\");\n\n script_name(english:\"GLSA-200602-07 : Sun JDK/JRE: Applet privilege escalation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200602-07\n(Sun JDK/JRE: Applet privilege escalation)\n\n Applets executed using JRE or JDK can use 'reflection' APIs\n functions to elevate its privileges beyond the sandbox restrictions.\n Adam Gowdiak discovered five vulnerabilities that use this method for\n privilege escalation. Two more vulnerabilities were discovered by the\n vendor. Peter Csepely discovered that Web Start Java applications also\n can an escalate their privileges.\n \nImpact :\n\n A malicious Java applet can bypass Java sandbox restrictions and\n hence access local files, connect to arbitrary network locations and\n execute arbitrary code on the user's machine. 
Java Web Start\n applications are affected likewise.\n \nWorkaround :\n\n Select another Java implementation using java-config.\"\n );\n # http://sunsolve.sun.com/search/document.do?assetkey=1-26-102170-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?97cf7c58\"\n );\n # http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b3bce764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200602-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Sun JDK users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.4.2.10'\n All Sun JRE users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.4.2.10'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:sun-jdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:sun-jre-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/02/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-java/sun-jre-bin\", unaffected:make_list(\"ge 1.4.2.10\"), vulnerable:make_list(\"lt 1.4.2.10\"))) flag++;\nif (qpkg_check(package:\"dev-java/sun-jdk\", unaffected:make_list(\"ge 1.4.2.10\"), vulnerable:make_list(\"lt 1.4.2.10\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Sun JDK/JRE\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2018-04-06T11:37:28", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n IBMJava2-SDK\n IBMJava2-JRE\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020148 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065195", "id": "OPENVAS:136141256231065195", "title": "SLES9: Security update for IBMJava2-JRE and IBMJava2-SDK", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5020148.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for IBMJava2-JRE and IBMJava2-SDK\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n IBMJava2-SDK\n IBMJava2-JRE\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020148 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65195\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-0614\", \"CVE-2006-0615\", \"CVE-2006-0616\", \"CVE-2006-0617\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"SLES9: Security update for IBMJava2-JRE and IBMJava2-SDK\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"IBMJava2-SDK\", rpm:\"IBMJava2-SDK~1.4.2~0.68\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:16", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava2-SDK\n IBMJava2-JRE\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020148 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65195", "id": "OPENVAS:65195", "title": "SLES9: Security update for IBMJava2-JRE and IBMJava2-SDK", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5020148.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for IBMJava2-JRE and IBMJava2-SDK\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n IBMJava2-SDK\n IBMJava2-JRE\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020148 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65195);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-0614\", \"CVE-2006-0615\", \"CVE-2006-0616\", \"CVE-2006-0617\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"SLES9: Security update for IBMJava2-JRE and IBMJava2-SDK\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"IBMJava2-SDK\", rpm:\"IBMJava2-SDK~1.4.2~0.68\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:04", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200602-07.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56326", "id": "OPENVAS:56326", "title": "Gentoo Security Advisory GLSA 200602-07 (Sun JDK, applet)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Sun's Java Development Kit (JDK) and Java Runtime Environment (JRE) do not\nadequately constrain applets from privilege escalation and arbitrary code\nexecution.\";\ntag_solution = \"All Sun JDK users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.4.2.10'\n\nAll Sun JRE users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.4.2.10'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200602-07\nhttp://bugs.gentoo.org/show_bug.cgi?id=122156\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102170-1\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200602-07.\";\n\n \n\nif(description)\n{\n script_id(56326);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n 
script_cve_id(\"CVE-2006-0614\", \"CVE-2006-0615\", \"CVE-2006-0616\", \"CVE-2006-0617\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200602-07 (Sun JDK, applet)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-java/sun-jdk\", unaffected: make_list(\"ge 1.4.2.10\"), vulnerable: make_list(\"lt 1.4.2.10\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"dev-java/sun-jre-bin\", unaffected: make_list(\"ge 1.4.2.10\"), vulnerable: make_list(\"lt 1.4.2.10\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:17", "bulletinFamily": "unix", "description": "### Background\n\nSun's JDK and JRE provide interpreters for Java Applets in a sandboxed environment. These implementations provide the Java Web Start technology that can be used for easy client-side deployment of Java applications. 
\n\n### Description\n\nApplets executed using JRE or JDK can use \"reflection\" APIs functions to elevate its privileges beyond the sandbox restrictions. Adam Gowdiak discovered five vulnerabilities that use this method for privilege escalation. Two more vulnerabilities were discovered by the vendor. Peter Csepely discovered that Web Start Java applications also can an escalate their privileges. \n\n### Impact\n\nA malicious Java applet can bypass Java sandbox restrictions and hence access local files, connect to arbitrary network locations and execute arbitrary code on the user's machine. Java Web Start applications are affected likewise. \n\n### Workaround\n\nSelect another Java implementation using java-config. \n\n### Resolution\n\nAll Sun JDK users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jdk-1.4.2.10\"\n\nAll Sun JRE users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/sun-jre-bin-1.4.2.10\"", "modified": "2006-02-15T00:00:00", "published": "2006-02-15T00:00:00", "id": "GLSA-200602-07", "href": "https://security.gentoo.org/glsa/200602-07", "type": "gentoo", "title": "Sun JDK/JRE: Applet privilege escalation", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}]}