Lucene search

K

[email protected]CVE-2007-5238

HistoryOct 06, 2007 - 12:17 a.m.

CVE-2007-5238

2007-10-0600:17:00

CWE-264

[email protected]

web.nvd.nist.gov

31

cve-2007-5238

java

web start

sun jdk

jre

vulnerability

access restrictions

untrusted applications

sensitive information

nvd

5.8 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.2%

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka “three vulnerabilities.”

CPENameOperatorVersion
sun:jresun jreeq1.3.1
sun:sdksun sdkeq1.4.2
sun:sdksun sdkeq1.3.1_19
sun:sdksun sdkeq1.4.2_10
sun:sdksun sdkeq1.4.2_12
sun:jdksun jdkeq1.5.0
sun:jresun jreeq1.4.1
sun:jresun jreeq1.5.0
sun:sdksun sdkeq1.4.2_14
sun:jresun jreeq1.6.0

Rows per page:

1-10 of 351

References

dev2dev.bea.com/pub/advisory/272

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533

lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html

secunia.com/advisories/27206

secunia.com/advisories/27261

secunia.com/advisories/27693

secunia.com/advisories/27716

secunia.com/advisories/27804

secunia.com/advisories/28777

secunia.com/advisories/28880

secunia.com/advisories/29042

secunia.com/advisories/29858

secunia.com/advisories/29897

secunia.com/advisories/30676

secunia.com/advisories/30780

security.gentoo.org/glsa/glsa-200804-28.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1

support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html

www.gentoo.org/security/en/glsa/glsa-200804-20.xml

www.gentoo.org/security/en/glsa/glsa-200806-11.xml

www.novell.com/linux/security/advisories/2007_55_java.html

www.redhat.com/support/errata/RHSA-2007-0963.html

www.redhat.com/support/errata/RHSA-2007-1041.html

www.redhat.com/support/errata/RHSA-2008-0132.html

www.securityfocus.com/archive/1/482926/100/0/threaded

www.securityfocus.com/bid/25920

www.securitytracker.com/id?1018770

www.vmware.com/security/advisories/VMSA-2008-0010.html

www.vupen.com/english/advisories/2007/3895

www.vupen.com/english/advisories/2008/0609

www.vupen.com/english/advisories/2008/1856/references

exchange.xforce.ibmcloud.com/vulnerabilities/36946

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11592

5.8 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.2%

Related for CVE-2007-5238

prion1 ubuntucve1 nessus18 redhat3 securityvulns1 openvas19 suse2 vmware2 gentoo1