Lucene search

Japan Vulnerability NotesJVN:09206238

HistoryJun 10, 2011 - 12:00 a.m.

JVN#09206238: Java Web Start may insecurely load settings files

2011-06-1000:00:00

Japan Vulnerability Notes

jvn.jp

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

83.9%

JSON

Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE (Java Runtime Environment) Java Web Start contains an issue with the file search path, which may insecurely load settings files.

Impact

An attacker may execute arbitrary code with the privilege of the running application.

Solution

Update the software
Update to the latest version according to the information provided by the developer.

Products Affected

Java SE 6 Update 25 and earlier for Windows

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

83.9%

JSON

Related for JVN:09206238