Lucene search

[email protected]CVE-2007-2435

HistoryMay 02, 2007 - 10:19 a.m.

CVE-2007-2435

2007-05-0210:19:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2007-2435

sun java

web start

jdk

jre 5.0

vulnerability

nvd

unauthorized actions

system classes

jnlp files

6.4 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.033 Low

EPSS

Percentile

91.2%

JSON

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to “Incorrect Use of System Classes” and probably related to support for JNLP files.

CPENameOperatorVersion
sun:sdksun sdkle1.4.3_13
sun:jresun jrele1.4.2
sun:java_enterprise_systemsun java enterprise systemle5.0
sun:jresun jrele1.5.0

CPE	Name	Operator	Version
sun:sdk	sun sdk	le	1.4.3_13
sun:jre	sun jre	le	1.4.2
sun:java_enterprise_system	sun java enterprise system	le	5.0
sun:jre	sun jre	le	1.5.0

References

dev2dev.bea.com/pub/advisory/241

docs.info.apple.com/article.html?artnum=307177

lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

osvdb.org/35483

secunia.com/advisories/25069

secunia.com/advisories/25283

secunia.com/advisories/25413

secunia.com/advisories/25474

secunia.com/advisories/25832

secunia.com/advisories/26311

secunia.com/advisories/26369

secunia.com/advisories/28115

secunia.com/advisories/29858

secunia.com/advisories/30780

security.gentoo.org/glsa/glsa-200706-08.xml

security.gentoo.org/glsa/glsa-200804-28.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1

support.avaya.com/elmodocs2/security/ASA-2007-199.htm

www.gentoo.org/security/en/glsa/glsa-200705-23.xml

www.gentoo.org/security/en/glsa/glsa-200804-20.xml

www.gentoo.org/security/en/glsa/glsa-200806-11.xml

www.redhat.com/support/errata/RHSA-2007-0817.html

www.redhat.com/support/errata/RHSA-2007-0829.html

www.redhat.com/support/errata/RHSA-2008-0261.html

www.securityfocus.com/bid/23728

www.securitytracker.com/id?1017986

www.vupen.com/english/advisories/2007/1598

www.vupen.com/english/advisories/2007/1814

www.vupen.com/english/advisories/2007/4224

exchange.xforce.ibmcloud.com/vulnerabilities/33984

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999

6.4 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.033 Low

EPSS

Percentile

91.2%

JSON

Related for CVE-2007-2435

jvn1 nessus10 ubuntucve1 prion1 securityvulns2 openvas10 gentoo3 redhat4