7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
85.6%
Unspecified vulnerability in the Java Runtime Environment (JRE) component
in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0
Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted
Java Web Start applications and untrusted Java applets to affect
confidentiality, integrity, and availability, related to I18n.
Author | Note |
---|---|
mdeslaur | in natty+, NetX and the plugin moved to the icedtea-web package |
sbeattie | red hat description: It was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | openjdk-6 | < 6b27-1.12.3-0ubuntu1~08.04.1 | UNKNOWN |
ubuntu | 10.04 | noarch | openjdk-6 | < 6b20-1.9.13-0ubuntu1~10.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | openjdk-6 | < 6b20-1.9.13-0ubuntu1~10.10.1 | UNKNOWN |
ubuntu | 11.04 | noarch | openjdk-6 | < 6b22-1.10.6-0ubuntu1 | UNKNOWN |
ubuntu | 11.10 | noarch | openjdk-6 | < 6b23~pre11-0ubuntu1.11.10.2 | UNKNOWN |
ubuntu | 10.04 | noarch | openjdk-6b18 | < 6b18-1.8.13-0ubuntu1~10.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | openjdk-6b18 | < 6b18-1.8.13-0ubuntu1~10.10.1 | UNKNOWN |
ubuntu | 11.04 | noarch | openjdk-6b18 | < 6b18-1.8.13-0ubuntu1~11.04.1 | UNKNOWN |
ubuntu | 11.10 | noarch | openjdk-7 | < 7u9-2.3.3-0ubuntu1~11.10.1 | UNKNOWN |