Lucene search

K
cveMitreCVE-2007-2435
HistoryMay 02, 2007 - 10:19 a.m.

CVE-2007-2435

2007-05-0210:19:00
CWE-264
mitre
web.nvd.nist.gov
37
cve-2007-2435
sun java
web start
jdk
jre 5.0
vulnerability
nvd
unauthorized actions
system classes
jnlp files

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.032

Percentile

91.2%

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to “Incorrect Use of System Classes” and probably related to support for JNLP files.

Affected configurations

Nvd
Node
sunjava_enterprise_systemRange5.0update10
OR
sunjreRange1.4.2update13
OR
sunjreRange1.5.0update10
OR
sunsdkRange1.4.3_13
VendorProductVersionCPE
sunjava_enterprise_system*cpe:2.3:a:sun:java_enterprise_system:*:update10:*:*:*:*:*:*
sunjre*cpe:2.3:a:sun:jre:*:update13:*:*:*:*:*:*
sunjre*cpe:2.3:a:sun:jre:*:update10:*:*:*:*:*:*
sunsdk*cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:*

References

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.032

Percentile

91.2%