Lucene search

[email protected]CVE-2007-3655

HistoryJul 10, 2007 - 7:30 p.m.

CVE-2007-3655

2007-07-1019:30:00

CWE-119

[email protected]

web.nvd.nist.gov

137

cve-2007-3655

security

buffer overflow

remote code execution

java web start

jnlp

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.944 High

EPSS

Percentile

99.2%

JSON

Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.

CPENameOperatorVersion
sun:jresun jreeq1.5.0
sun:jresun jreeq1.6.0

CPE	Name	Operator	Version
sun:jre	sun jre	eq	1.5.0
sun:jre	sun jre	eq	1.6.0

References

docs.info.apple.com/article.html?artnum=307177

lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

lists.grok.org.uk/pipermail/full-disclosure/2007-July/064552.html

osvdb.org/37756

research.eeye.com/html/advisories/published/AD20070705.html

secunia.com/advisories/25981

secunia.com/advisories/26314

secunia.com/advisories/26369

secunia.com/advisories/27266

secunia.com/advisories/28115

secunia.com/advisories/29858

secunia.com/advisories/30780

security.gentoo.org/glsa/glsa-200804-28.xml

securityreason.com/securityalert/2874

sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1

www.exploit-db.com/exploits/30284

www.gentoo.org/security/en/glsa/glsa-200804-20.xml

www.gentoo.org/security/en/glsa/glsa-200806-11.xml

www.novell.com/linux/security/advisories/2007_56_ibmjava.html

www.redhat.com/support/errata/RHSA-2007-0818.html

www.redhat.com/support/errata/RHSA-2007-0829.html

www.securityfocus.com/archive/1/473224/100/0/threaded

www.securityfocus.com/archive/1/473356/100/0/threaded

www.securityfocus.com/bid/24832

www.securitytracker.com/id?1018346

www.vupen.com/english/advisories/2007/2477

www.vupen.com/english/advisories/2007/4224

exchange.xforce.ibmcloud.com/vulnerabilities/35320

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11367

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.944 High

EPSS

Percentile

99.2%

JSON

Related for CVE-2007-3655

checkpoint_advisories2 prion1 zdt1 nessus10 ubuntucve1 redhat2 openvas9 suse1 f52 gentoo1