Lucene search

PRIOn knowledge basePRION:CVE-2007-2435

HistoryMay 02, 2007 - 10:19 a.m.

Design/Logic Flaw

2007-05-0210:19:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.027 Low

EPSS

Percentile

90.2%

JSON

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to “Incorrect Use of System Classes” and probably related to support for JNLP files.

CPENameOperatorVersion
java_enterprise_systemle5.0
jrele1.4.2
jrele1.5.0
sdkeq<= 1.4.3-13

Name	Operator	Version
java_enterprise_system	le	5.0
jre	le	1.4.2
jre	le	1.5.0
sdk	eq	<= 1.4.3-13

References

dev2dev.bea.com/pub/advisory/241

docs.info.apple.com/article.html?artnum=307177

lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

osvdb.org/35483

secunia.com/advisories/25069

secunia.com/advisories/25283

secunia.com/advisories/25413

secunia.com/advisories/25474

secunia.com/advisories/25832

secunia.com/advisories/26311

secunia.com/advisories/26369

secunia.com/advisories/28115

secunia.com/advisories/29858

secunia.com/advisories/30780

security.gentoo.org/glsa/glsa-200706-08.xml

security.gentoo.org/glsa/glsa-200804-28.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1

support.avaya.com/elmodocs2/security/ASA-2007-199.htm

www.gentoo.org/security/en/glsa/glsa-200705-23.xml

www.gentoo.org/security/en/glsa/glsa-200804-20.xml

www.gentoo.org/security/en/glsa/glsa-200806-11.xml

www.redhat.com/support/errata/RHSA-2007-0817.html

www.redhat.com/support/errata/RHSA-2007-0829.html

www.redhat.com/support/errata/RHSA-2008-0261.html

www.securityfocus.com/bid/23728

www.securitytracker.com/id?1017986

www.vupen.com/english/advisories/2007/1598

www.vupen.com/english/advisories/2007/1814

www.vupen.com/english/advisories/2007/4224

exchange.xforce.ibmcloud.com/vulnerabilities/33984

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999

6.6 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.027 Low

EPSS

Percentile

90.2%

JSON

Related for PRION:CVE-2007-2435