[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-2435Date: (C)2007-05-02   (M)2023-12-22


Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1017986
SUNALERT-102881
BID-23728
SECUNIA-25069
SECUNIA-25283
SECUNIA-25413
SECUNIA-25474
SECUNIA-25832
SECUNIA-26311
SECUNIA-26369
SECUNIA-28115
SECUNIA-29858
SECUNIA-30780
OSVDB-35483
ADV-2007-1598
ADV-2007-1814
ADV-2007-4224
APPLE-SA-2007-12-14
BEA07-173.00
GLSA-200705-23
GLSA-200706-08
GLSA-200804-20
GLSA-200804-28
GLSA-200806-11
RHSA-2007:0817
RHSA-2007:0829
RHSA-2008:0261
http://docs.info.apple.com/article.html?artnum=307177
http://support.avaya.com/elmodocs2/security/ASA-2007-199.htm
javawebstart-classes-privilege-escalation(33984)
oval:org.mitre.oval:def:10999

CPE    1
cpe:/a:sun:sdk
CWE    1
CWE-264

© SecPod Technologies