CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
91.2%
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to “Incorrect Use of System Classes” and probably related to support for JNLP files.
dev2dev.bea.com/pub/advisory/241
docs.info.apple.com/article.html?artnum=307177
lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
osvdb.org/35483
secunia.com/advisories/25069
secunia.com/advisories/25283
secunia.com/advisories/25413
secunia.com/advisories/25474
secunia.com/advisories/25832
secunia.com/advisories/26311
secunia.com/advisories/26369
secunia.com/advisories/28115
secunia.com/advisories/29858
secunia.com/advisories/30780
security.gentoo.org/glsa/glsa-200706-08.xml
security.gentoo.org/glsa/glsa-200804-28.xml
sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1
support.avaya.com/elmodocs2/security/ASA-2007-199.htm
www.gentoo.org/security/en/glsa/glsa-200705-23.xml
www.gentoo.org/security/en/glsa/glsa-200804-20.xml
www.gentoo.org/security/en/glsa/glsa-200806-11.xml
www.redhat.com/support/errata/RHSA-2007-0817.html
www.redhat.com/support/errata/RHSA-2007-0829.html
www.redhat.com/support/errata/RHSA-2008-0261.html
www.securityfocus.com/bid/23728
www.securitytracker.com/id?1017986
www.vupen.com/english/advisories/2007/1598
www.vupen.com/english/advisories/2007/1814
www.vupen.com/english/advisories/2007/4224
exchange.xforce.ibmcloud.com/vulnerabilities/33984
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999