Java Plugin and Web Start Version Specification Weakness

2006-08-21T12:33:51
ID OSVDB:28109
Type osvdb
Reporter Sun Microsystems, Inc.
Modified 2006-08-21T12:33:51

Description

Vulnerability Description

Sun Microsystems, Inc. Java Plug-in and Java Web Start contain a flaw that may allow a malicious user to bypass certain security restrictions. The issue is triggered when vulnerable versions of the Java Plug-in and Java Web Start are installed and a specially crafted applet specifies the vulnerable versions in which to run. The flaw may allow applets or applications to run with a specified version of the JRE that does not have the latest security fixes, resulting in a loss of integrity.

Technical Description

The Java Plug-in included with J2SE 5.0 Update 5 and earlier, 1.4.x, 1.3.1 and 1.3.0_02 and later is affected.

Java Web Start included with J2SE 5.0 Update 5 and earlier, and 1.4.2, is affected.
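An inventory check against the affected versions listed above, added here as an example and not taken from the vendor or from OSVDB. It assumes version strings in the `1.5.0_05` form (J2SE 5.0 Update 5), reads the Plug-in list as the contiguous range 1.3.0_02 through 1.5.0_05, and checks every installed JRE rather than only the newest; the function names and the sample inventory are constructed.

```python
import re

# Java version strings of this era look like "1.5.0_05" (J2SE 5.0 Update 5).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")

def parse_jre_version(text):
    """Return (major, minor, micro, update), or None if text is not a JRE version."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    # A missing update suffix ("1.5.0") is treated as update 0.
    return tuple(int(g or 0) for g in m.groups())

def plugin_affected(v):
    # Page: Plug-in in 5.0 Update 5 and earlier, 1.4.x, 1.3.1, 1.3.0_02 and later.
    # Assumption: read as the contiguous range 1.3.0_02 .. 1.5.0_05.
    return (1, 3, 0, 2) <= v <= (1, 5, 0, 5)

def webstart_affected(v):
    # Page: Web Start in 5.0 Update 5 and earlier, and 1.4.2.
    return v[:3] == (1, 4, 2) or (1, 5, 0, 0) <= v <= (1, 5, 0, 5)

def audit(installed):
    """Map each installed version string to the affected components on that JRE."""
    findings = {}
    for raw in installed:
        v = parse_jre_version(raw)
        if v is None:
            # Do not silently skip entries that cannot be classified.
            findings[raw] = ["unparsed"]
            continue
        hits = []
        if plugin_affected(v):
            hits.append("plug-in")
        if webstart_affected(v):
            hits.append("web-start")
        findings[raw] = hits
    return findings

# Constructed sample inventory: one host with several JREs side by side.
SAMPLE_INVENTORY = ["1.5.0_06", "1.5.0_05", "1.4.2_10", "1.3.1_15", "1.3.0_01", "jre-unknown"]

if __name__ == "__main__":
    for version, hits in audit(SAMPLE_INVENTORY).items():
        print(f"{version:12} {', '.join(hits) or 'not listed as affected'}")
```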

Solution Description

Upgrade to Java Plug-in 5.0 Update 6 or higher for Windows, and to Java Web Start 5.0 Update 6 or higher for Windows, Solaris, and Linux, as these versions have been reported to fix this vulnerability.

References:

Vendor URL: http://www.sun.com/
Vendor Specific Solution URL: http://java.sun.com/javase/downloads/index.jsp
Vendor Specific Advisory URL
Security Tracker: 1016732
Security Tracker: 1016733
Secunia Advisory ID: 21570
Keyword: BugIDs: 6281384
CVE-2006-4302