ID: CVE-2007-5236
Type: cve
Reporter: NVD
Modified: 2017-09-28T21:29:31

Description
Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application.
{"result": {"osvdb": [{"id": "OSVDB:37764", "type": "osvdb", "title": "Sun Java JRE / JDK on Windows Untrusted Application Arbitrary File Access", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1)\n[Secunia Advisory ID:27009](https://secuniaresearch.flexerasoftware.com/advisories/27009/)\n[Secunia Advisory ID:27206](https://secuniaresearch.flexerasoftware.com/advisories/27206/)\n[Secunia Advisory ID:27716](https://secuniaresearch.flexerasoftware.com/advisories/27716/)\n[Secunia Advisory ID:27261](https://secuniaresearch.flexerasoftware.com/advisories/27261/)\n[Secunia Advisory ID:27693](https://secuniaresearch.flexerasoftware.com/advisories/27693/)\n[Related OSVDB ID: 37761](https://vulners.com/osvdb/OSVDB:37761)\n[Related OSVDB ID: 37762](https://vulners.com/osvdb/OSVDB:37762)\n[Related OSVDB ID: 37763](https://vulners.com/osvdb/OSVDB:37763)\n[Related OSVDB ID: 37765](https://vulners.com/osvdb/OSVDB:37765)\n[Related OSVDB ID: 37759](https://vulners.com/osvdb/OSVDB:37759)\n[Related OSVDB ID: 37760](https://vulners.com/osvdb/OSVDB:37760)\nRedHat RHSA: RHSA-2007:0963\nOther Advisory URL: http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html\nOther Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00004.html\nOther Advisory URL: HPSBUX02284 SSRT071483:\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_55_java.html\nISS X-Force ID: 36946\nFrSIRT Advisory: ADV-2007-3895\n[CVE-2007-5236](https://vulners.com/cve/CVE-2007-5236)\nBugtraq ID: 25920\n", "published": "2007-10-03T18:28:55", "cvss": {"score": 5.4, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:37764", "cvelist": ["CVE-2007-5236"], "lastseen": 
"2017-04-28T13:20:33"}], "nessus": [{"id": "SUSE_JAVA-1_5_0-IBM-4687.NASL", "type": "nessus", "title": "SuSE 10 Security Update : java-1_5_0-ibm (ZYPP Patch Number 4687)", "description": "The IBM Java JRE/SDK has been brought to release 1.5.0 SR6, containing several bugfixes, including the following security fixes :\n\n - A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5232)\n\n - A vulnerability in the Java Runtime Environment (JRE) may allow malicious JavaScript code that is downloaded by a browser from a malicious website to make network connections, through Java APIs, to network services on machines other than the one that the JavaScript code was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5274)\n\n - A second vulnerability in the JRE may allow an untrusted applet that is downloaded from a malicious website through a web proxy to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.\n (CVE-2007-5273)\n\n - An untrusted Java Web Start application may write arbitrary files with the privileges of the user running the application. 
(CVE-2007-5236)\n\n - Three separate vulnerabilities may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache. (CVE-2007-5238)\n\n - An untrusted Java Web Start application or Java applet may move or copy arbitrary files by requesting the user of the application or applet to drag and drop a file from the Java Web Start application or Java applet window. (CVE-2007-5239)\n\n - An untrusted applet may display an over-sized window so that the applet warning banner is not visible to the user running the untrusted applet. CVE-2007-4381: A vulnerability in the font parsing code in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-5240)\n\n - The Java Secure Socket Extension (JSSE) that is included in various releases of the Java Runtime Environment does not correctly process SSL/TLS handshake requests. This vulnerability may be exploited to create a Denial of Service (DoS) condition to the system as a whole on a server that listens for SSL/TLS connections using JSSE for SSL/TLS support. 
(CVE-2007-3698)\n\nFor more information see:\nhttp://www-128.ibm.com/developerworks/java/jdk/alerts/\n\nAdditionally a concurrency bug has been fixed (Novell Bug 330713).", "published": "2007-12-13T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29476", "cvelist": ["CVE-2007-3698", "CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-4381", "CVE-2007-5274"], "lastseen": "2017-10-29T13:38:23"}, {"id": "SUSE_JAVA-1_4_2-SUN-4533.NASL", "type": "nessus", "title": "SuSE 10 Security Update : Sun Java 1.4.2 (ZYPP Patch Number 4533)", "description": "The Sun JAVA JDK 1.4.2 was upgraded to release 16 to fix various bugs, including the following security bugs :\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1\n\n - Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack. (CVE-2007-5232)\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1\n\n - Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enfor ce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted applica tion. 
(CVE-2007-5236)\n\n - Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka 'two vulnerabilities'.\n (CVE-2007-5237)\n\n - Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka 'three vulnerabilities.'. (CVE-2007-5238)\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1\n\n - Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.\n (CVE-2007-5239)\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1\n\n - Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen. 
(CVE-2007-5240)\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1\n\n - Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. (CVE-2007-5273)\n\n - Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. 
(CVE-2007-5274)", "published": "2007-12-13T00:00:00", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29473", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "lastseen": "2017-10-29T13:36:09"}, {"id": "SUN_JAVA_JRE_103079_UNIX.NASL", "type": "nessus", "title": "Sun Java JRE / Web Start Multiple Vulnerabilities (103072, 103073, 103078, 103079, 103112) (Unix)", "description": "According to its version number, the Sun Java Runtime Environment (JRE) and/or Web Start installed on the remote host is reportedly affected by several issues that could be abused to move / copy local files, read or write local files, circumvent network access restrictions, or elevate privileges.", "published": "2013-02-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=64824", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5689", "CVE-2007-5239", "CVE-2007-5274"], "lastseen": "2017-10-29T13:41:38"}, {"id": "SUSE_JAVA-1_6_0-SUN-4525.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-4525)", "description": "The Sun JAVA JDK 1.6.0 was upgraded to release 3 to fix various bugs, including the following security bugs :\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 079-1\n\nCVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding 
attack.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 073-1\n\nCVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enfor ce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted applica tion.\n\nCVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka 'two vulnerabilities'.\n\nCVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka 'three vulnerabilities.'\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 072-1\n\nCVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 071-1\n\nCVE-2007-5240: Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code 
warning banner by creating a window larger than the workstation screen.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 078-1\n\nCVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274.\n\nCVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273.", "published": "2007-10-18T00:00:00", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27513", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "lastseen": "2017-10-29T13:34:08"}, {"id": "SUSE_JAVA-1_5_0-SUN-4527.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-4527)", "description": "The Sun JAVA JDK 1.5.0 was upgraded to release 13 to fix various bugs, including the following security bugs 
:\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 079-1\n\nCVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 073-1\n\nCVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enfor ce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted applica tion.\n\nCVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka 'two vulnerabilities'.\n\nCVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka 'three vulnerabilities.'\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 072-1\n\nCVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window 
onto certain types of desktop applications.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 071-1\n\nCVE-2007-5240: Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 078-1\n\nCVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274.\n\nCVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273.", "published": "2007-10-18T00:00:00", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27512", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", 
"CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "lastseen": "2017-10-29T13:38:12"}, {"id": "SUSE_JAVA-1_4_2-SUN-4536.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-4536)", "description": "The Sun JAVA JDK 1.4.2 was upgraded to release 16 to fix various bugs, including the following security bugs :\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 079-1\n\nCVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 073-1\n\nCVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enfor ce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted applica tion.\n\nCVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka 'two vulnerabilities'.\n\nCVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka 'three vulnerabilities.'\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 072-1\n\nCVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and 
earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 071-1\n\nCVE-2007-5240: Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.\n\nhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103 078-1\n\nCVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274.\n\nCVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket 
operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273.", "published": "2007-10-18T00:00:00", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27511", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "lastseen": "2017-10-29T13:38:32"}, {"id": "SUN_JAVA_JRE_103079.NASL", "type": "nessus", "title": "Sun Java JRE / Web Start Multiple Vulnerabilities (103072, 103073, 103078, 103079, 103112)", "description": "According to its version number, the Sun Java Runtime Environment (JRE) and/or Web Start installed on the remote host reportedly is affected by several issues that could be abused to move / copy local files, read or write local files, circumvent network access restrictions, or elevate privileges.", "published": "2007-10-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=26923", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5689", "CVE-2007-5239", "CVE-2007-5274"], "lastseen": "2017-10-29T13:37:23"}, {"id": "SUSE9_12142.NASL", "type": "nessus", "title": "SuSE9 Security Update : IBM Java 2 JRE and SDK (YOU Patch Number 12142)", "description": "IBM Java 1.4.2 was updated to SR10 to fix various security issues :\n\n - A buffer overflow vulnerability in Java Web Start may allow an untrusted Java Web Start application that is downloaded from a website to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. 
(CVE-2008-1196)\n\n - A vulnerability in the Java Runtime Environment may allow JavaScript(TM) code that is downloaded by a browser to make connections to network services on the system that the browser runs on, through Java APIs, This may allow files (that are accessible through these network services) or vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2008-1195)\n\n - A vulnerability in the Java Plug-in may an untrusted applet to bypass same origin policy and leverage this flaw to execute local applications that are accessible to the user running the untrusted applet.\n (CVE-2008-1192)\n\n - A vulnerability in Java Web Start may allow an untrusted Java Web Start application to elevate its privileges.\n For example, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1190)\n\n - A buffer overflow vulnerability in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-1189)\n\n - A vulnerability in the Java Runtime Environment with parsing XML data may allow an untrusted applet or application to elevate its privileges. For example, an applet may read certain URL resources (such as some files and web pages). (CVE-2008-1187)\n\n - A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. 
This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5232)\n\n - A vulnerability in the Java Runtime Environment (JRE) may allow malicious JavaScript code that is downloaded by a browser from a malicious website to make network connections, through Java APIs, to network services on machines other than the one that the JavaScript code was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5274)\n\n - A second vulnerability in the JRE may allow an untrusted applet that is downloaded from a malicious website through a web proxy to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.\n (CVE-2007-5273)\n\n - An untrusted Java Web Start application may write arbitrary files with the privileges of the user running the application. (CVE-2007-5236)\n\n - Three separate vulnerabilities may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache. (CVE-2007-5238)\n\n - An untrusted Java Web Start application or Java applet may move or copy arbitrary files by requesting the user of the application or applet to drag and drop a file from the Java Web Start application or Java applet window. (CVE-2007-5239)\n\n - An untrusted applet may display an over-sized window so that the applet warning banner is not visible to the user running the untrusted applet. 
(CVE-2007-5240)\n\n - A vulnerability in the font parsing code in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-4381)\n\n - The Java Secure Socket Extension (JSSE) that is included in various releases of the Java Runtime Environment does not correctly process SSL/TLS handshake requests. This vulnerability may be exploited to create a Denial of Service (DoS) condition to the system as a whole on a server that listens for SSL/TLS connections using JSSE for SSL/TLS support. (CVE-2007-3698)", "published": "2009-09-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=41210", "cvelist": ["CVE-2007-3698", "CVE-2008-1195", "CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2008-1189", "CVE-2008-1196", "CVE-2007-5236", "CVE-2008-1190", "CVE-2007-5273", "CVE-2008-1187", "CVE-2007-5239", "CVE-2007-4381", "CVE-2007-5274", "CVE-2008-1192"], "lastseen": "2017-10-29T13:36:32"}, {"id": "SUSE_JAVA-1_4_2-IBM-5182.NASL", "type": "nessus", "title": "SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 5182)", "description": "IBM Java 1.4.2 was updated to SR10 to fix various security issues :\n\n - A buffer overflow vulnerability in Java Web Start may allow an untrusted Java Web Start application that is downloaded from a website to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. 
(CVE-2008-1196)\n\n - A vulnerability in the Java Runtime Environment may allow JavaScript(TM) code that is downloaded by a browser to make connections to network services on the system that the browser runs on, through Java APIs, This may allow files (that are accessible through these network services) or vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2008-1195)\n\n - A vulnerability in the Java Plug-in may an untrusted applet to bypass same origin policy and leverage this flaw to execute local applications that are accessible to the user running the untrusted applet.\n (CVE-2008-1192)\n\n - A vulnerability in Java Web Start may allow an untrusted Java Web Start application to elevate its privileges.\n For example, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1190)\n\n - A buffer overflow vulnerability in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-1189)\n\n - A vulnerability in the Java Runtime Environment with parsing XML data may allow an untrusted applet or application to elevate its privileges. For example, an applet may read certain URL resources (such as some files and web pages). (CVE-2008-1187)\n\n - A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. 
This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5232)\n\n - A vulnerability in the Java Runtime Environment (JRE) may allow malicious JavaScript code that is downloaded by a browser from a malicious website to make network connections, through Java APIs, to network services on machines other than the one that the JavaScript code was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5274)\n\n - A second vulnerability in the JRE may allow an untrusted applet that is downloaded from a malicious website through a web proxy to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.\n (CVE-2007-5273)\n\n - An untrusted Java Web Start application may write arbitrary files with the privileges of the user running the application. (CVE-2007-5236)\n\n - Three separate vulnerabilities may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache. (CVE-2007-5238)\n\n - An untrusted Java Web Start application or Java applet may move or copy arbitrary files by requesting the user of the application or applet to drag and drop a file from the Java Web Start application or Java applet window. (CVE-2007-5239)\n\n - An untrusted applet may display an over-sized window so that the applet warning banner is not visible to the user running the untrusted applet. 
(CVE-2007-5240)\n\n - A vulnerability in the font parsing code in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-4381)\n\n - The Java Secure Socket Extension (JSSE) that is included in various releases of the Java Runtime Environment does not correctly process SSL/TLS handshake requests. This vulnerability may be exploited to create a Denial of Service (DoS) condition to the system as a whole on a server that listens for SSL/TLS connections using JSSE for SSL/TLS support. (CVE-2007-3698)", "published": "2008-04-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=32049", "cvelist": ["CVE-2007-3698", "CVE-2008-1195", "CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2008-1189", "CVE-2008-1196", "CVE-2007-5236", "CVE-2008-1190", "CVE-2007-5273", "CVE-2008-1187", "CVE-2007-5239", "CVE-2007-4381", "CVE-2007-5274", "CVE-2008-1192"], "lastseen": "2017-10-29T13:40:21"}, {"id": "SUSE_JAVA-1_5_0-IBM-5183.NASL", "type": "nessus", "title": "SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5183)", "description": "IBM Java 5 was updated to SR7 to fix various security issues :\n\n - A buffer overflow vulnerability in Java Web Start may allow an untrusted Java Web Start application that is downloaded from a website to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. 
(CVE-2008-1196)\n\n - A vulnerability in the Java Runtime Environment may allow JavaScript(TM) code that is downloaded by a browser to make connections to network services on the system that the browser runs on, through Java APIs. This may allow files (that are accessible through these network services) or vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2008-1195)\n\n - Two buffer overflow vulnerabilities may allow an untrusted applet or application to cause the Java Runtime Environment to crash. (CVE-2008-1194)\n\n - A buffer overflow vulnerability in the Java Runtime Environment image parsing code may allow an untrusted applet or application to create a denial-of-service condition, by causing the Java Runtime Environment to crash. (CVE-2008-1194)\n\n - A buffer overflow vulnerability in the Java Runtime Environment image parsing code may allow an untrusted applet or application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1193)\n\n - A vulnerability in the Java Plug-in may allow an untrusted applet to bypass same origin policy and leverage this flaw to execute local applications that are accessible to the user running the untrusted applet.\n (CVE-2008-1192)\n\n - A vulnerability in Java Web Start may allow an untrusted Java Web Start application to elevate its privileges.\n For example, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1190)\n\n - A buffer overflow vulnerability in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. 
For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-1189)\n\n - Two buffer overflow vulnerabilities in Java Web Start may independently allow an untrusted Java Web Start application to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1188)\n\n - A vulnerability in the Java Runtime Environment with parsing XML data may allow an untrusted applet or application to elevate its privileges. For example, an applet may read certain URL resources (such as some files and web pages). (CVE-2008-1187)\n\n - A vulnerability in the Java Runtime Environment may allow an untrusted application or applet that is downloaded from a website to elevate its privileges. For example, the application or applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application or applet.\n (CVE-2008-0657)\n\n - A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5232)\n\n - A vulnerability in the Java Runtime Environment (JRE) may allow malicious JavaScript code that is downloaded by a browser from a malicious website to make network connections, through Java APIs, to network services on machines other than the one that the JavaScript code was downloaded from. 
This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5274)\n\n - A second vulnerability in the JRE may allow an untrusted applet that is downloaded from a malicious website through a web proxy to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.\n (CVE-2007-5273)\n\n - An untrusted Java Web Start application may write arbitrary files with the privileges of the user running the application. (CVE-2007-5236)\n\n - Three separate vulnerabilities may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache. (CVE-2007-5238)\n\n - An untrusted Java Web Start application or Java applet may move or copy arbitrary files by requesting the user of the application or applet to drag and drop a file from the Java Web Start application or Java applet window. (CVE-2007-5239)\n\n - An untrusted applet may display an over-sized window so that the applet warning banner is not visible to the user running the untrusted applet. (CVE-2007-5240)\n\n - A vulnerability in the font parsing code in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. 
(CVE-2007-4381)", "published": "2008-04-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=32050", "cvelist": ["CVE-2008-1195", "CVE-2008-1194", "CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2008-1189", "CVE-2008-0657", "CVE-2008-1196", "CVE-2007-5236", "CVE-2008-1190", "CVE-2007-5273", "CVE-2008-1187", "CVE-2008-1188", "CVE-2007-5239", "CVE-2007-4381", "CVE-2007-5274", "CVE-2008-1193", "CVE-2008-1192"], "lastseen": "2018-01-22T23:05:39"}], "openvas": [{"id": "OPENVAS:136141256231065091", "type": "openvas", "title": "SLES9: Security update for Sun Java 2", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n java2\n java2-jre\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020427 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065091", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "lastseen": "2018-04-06T11:38:10"}, {"id": "OPENVAS:65091", "type": "openvas", "title": "SLES9: Security update for Sun Java 2", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n java2\n java2-jre\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020427 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65091", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "lastseen": "2017-07-26T08:55:31"}, {"id": "OPENVAS:835094", "type": "openvas", "title": "HP-UX Update for Java JRE and JDK HPSBUX02284", "description": "Check for the Version of Java JRE and JDK", "published": "2009-05-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=835094", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5689", "CVE-2007-5239", "CVE-2007-5274"], "lastseen": "2017-07-24T12:57:00"}, {"id": "OPENVAS:850067", "type": "openvas", "title": "SuSE Update for Sun Java SUSE-SA:2007:055", "description": "Check for the Version of Sun Java", "published": "2009-01-28T00:00:00", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=850067", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "lastseen": "2017-12-12T11:21:03"}, {"id": "OPENVAS:136141256231065313", "type": "openvas", "title": "SLES9: Security update for IBMJava5-JRE,IBMJava5-SDK", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021818 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065313", "cvelist": ["CVE-2007-3698", "CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-4381", "CVE-2007-5274"], "lastseen": "2018-04-06T11:37:54"}, {"id": "OPENVAS:65313", "type": "openvas", "title": "SLES9: Security update for IBMJava5-JRE,IBMJava5-SDK", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n IBMJava5-JRE\n IBMJava5-SDK\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021818 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65313", "cvelist": ["CVE-2007-3698", "CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-4381", "CVE-2007-5274"], "lastseen": "2017-07-26T08:55:25"}, {"id": "OPENVAS:1361412562310835094", "type": "openvas", "title": "HP-UX Update for Java JRE and JDK HPSBUX02284", "description": "Check for the Version of Java JRE and JDK", "published": "2009-05-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310835094", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5689", "CVE-2007-5239", "CVE-2007-5274"], "lastseen": "2018-04-09T11:41:08"}, {"id": "OPENVAS:850026", "type": "openvas", "title": "SuSE Update for IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm SUSE-SA:2008:025", "description": "Check for the Version of IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm", "published": "2009-01-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=850026", "cvelist": ["CVE-2007-3698", "CVE-2008-1195", "CVE-2008-1194", "CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2008-1189", "CVE-2008-0657", "CVE-2008-1196", "CVE-2007-5236", "CVE-2008-1190", "CVE-2007-5273", "CVE-2008-1187", "CVE-2008-1188", "CVE-2007-5239", "CVE-2007-4381", "CVE-2007-5274", "CVE-2008-1193", "CVE-2008-1192"], "lastseen": "2017-12-12T11:21:13"}, {"id": "OPENVAS:66000", "type": "openvas", "title": "SLES10: Security update for IBM Java 1.5.0", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n java-1_5_0-ibm\n java-1_5_0-ibm-alsa\n java-1_5_0-ibm-devel\n java-1_5_0-ibm-fonts\n java-1_5_0-ibm-jdbc\n java-1_5_0-ibm-plugin\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "published": "2009-10-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=66000", "cvelist": ["CVE-2008-1195", "CVE-2008-1194", "CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2008-1189", "CVE-2008-0657", "CVE-2008-1196", "CVE-2007-5236", "CVE-2008-1190", "CVE-2007-5273", "CVE-2008-1187", "CVE-2008-1188", "CVE-2007-5239", "CVE-2007-4381", "CVE-2007-5274", "CVE-2008-1193", "CVE-2008-1192"], "lastseen": "2017-07-26T08:56:10"}, {"id": "OPENVAS:65053", "type": "openvas", "title": "SLES9: Security update for IBM Java 2 JRE and SDK", "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n IBMJava2-SDK\n IBMJava2-JRE\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023603 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65053", "cvelist": ["CVE-2007-3698", "CVE-2008-1195", "CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2008-1189", "CVE-2008-1196", "CVE-2007-5236", "CVE-2008-1190", "CVE-2007-5273", "CVE-2008-1187", "CVE-2007-5239", "CVE-2007-4381", "CVE-2007-5274", "CVE-2008-1192"], "lastseen": "2017-07-26T08:55:28"}], "suse": [{"id": "SUSE-SA:2007:055", "type": "suse", "title": "remote code execution in Sun Java", "description": "The Sun JAVA JDK 1.5.0 was upgraded to release 13, and the Sun JAVA SDK 1.4.2 was upgraded to update 16 to fix various bugs, including the following security bugs:\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2007-10-17T16:49:13", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:NONE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00004.html", "cvelist": ["CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2007-5237", "CVE-2007-5236", "CVE-2007-5273", "CVE-2007-5239", "CVE-2007-5274"], "lastseen": "2016-09-04T11:29:37"}, {"id": "SUSE-SA:2008:025", "type": "suse", "title": "remote code execution in IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm", "description": "IBM Java 1.4.2 was updated to SR10 and IBM Java 1.5.0 was updated to SR7 to fix various security issues:\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2008-04-25T14:46:33", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html", "cvelist": ["CVE-2007-3698", "CVE-2008-1195", "CVE-2008-1194", "CVE-2007-5238", "CVE-2007-5232", "CVE-2007-5240", "CVE-2008-1189", "CVE-2008-0657", "CVE-2008-1196", "CVE-2007-5236", "CVE-2008-1190", "CVE-2007-5273", "CVE-2008-1187", "CVE-2008-1188", "CVE-2007-5239", "CVE-2007-4381", "CVE-2007-5274", "CVE-2008-1193", "CVE-2008-1192"], "lastseen": "2016-09-04T11:31:33"}], "vmware": [{"id": "VMSA-2008-0010", "type": "vmware", "title": "Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter", "description": " \nESX patches and updates for VirtualCenter fix the following \napplication vulnerabilities.\n", "published": "2008-06-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.vmware.com/security/advisories/VMSA-2008-0010.html", "cvelist": ["CVE-2007-5342", "CVE-2008-1195", "CVE-2008-1194", "CVE-2007-5238", "CVE-2008-1191", "CVE-2007-5333", "CVE-2007-5232", "CVE-2007-5240", "CVE-2008-1189", "CVE-2008-1186", "CVE-2008-0657", "CVE-2008-1185", "CVE-2007-5237", "CVE-2008-1196", "CVE-2007-5461", "CVE-2007-5236", "CVE-2007-6286", "CVE-2008-1190", "CVE-2008-1187", "CVE-2007-5689", "CVE-2008-1188", "CVE-2007-5239", "CVE-2007-5274", "CVE-2008-1193", "CVE-2008-1192"], "lastseen": "2016-09-04T11:19:37"}]}}