Lucene search

K
nvd[email protected]NVD:CVE-2007-2435
HistoryMay 02, 2007 - 10:19 a.m.

CVE-2007-2435

2007-05-0210:19:00
CWE-264
web.nvd.nist.gov
10

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

0.032

Percentile

91.2%

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to “Incorrect Use of System Classes” and probably related to support for JNLP files.

Affected configurations

Nvd
Node
sunjava_enterprise_systemRange5.0update10
OR
sunjreRange1.4.2update13
OR
sunjreRange1.5.0update10
OR
sunsdkRange1.4.3_13
VendorProductVersionCPE
sunjava_enterprise_system*cpe:2.3:a:sun:java_enterprise_system:*:update10:*:*:*:*:*:*
sunjre*cpe:2.3:a:sun:jre:*:update13:*:*:*:*:*:*
sunjre*cpe:2.3:a:sun:jre:*:update10:*:*:*:*:*:*
sunsdk*cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:*

References

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

0.032

Percentile

91.2%