Vulnerability CVE-2007-2435


Published: 2007-05-02   Modified: 2012-02-12

Description:
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.

Type:

CWE-264 (Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Overall CVSS score: 10/10
Impact: 10/10
Exploitability: 10/10

Access required: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software
SUN -> Java enterprise system 
SUN -> JRE 
SUN -> SDK 

References:
http://www.securityfocus.com/bid/23728
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1
http://secunia.com/advisories/25069
http://xforce.iss.net/xforce/xfdb/33984
http://www.vupen.com/english/advisories/2007/4224
http://www.vupen.com/english/advisories/2007/1814
http://www.vupen.com/english/advisories/2007/1598
http://www.securitytracker.com/id?1017986
http://www.redhat.com/support/errata/RHSA-2007-0829.html
http://www.redhat.com/support/errata/RHSA-2007-0817.html
http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml
http://support.avaya.com/elmodocs2/security/ASA-2007-199.htm
http://security.gentoo.org/glsa/glsa-200706-08.xml
http://secunia.com/advisories/26369
http://secunia.com/advisories/26311
http://secunia.com/advisories/25832
http://secunia.com/advisories/25474
http://secunia.com/advisories/25413
http://secunia.com/advisories/25283
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10999
http://dev2dev.bea.com/pub/advisory/241
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
http://security.gentoo.org/glsa/glsa-200804-28.xml
http://secunia.com/advisories/30780
http://secunia.com/advisories/29858
http://secunia.com/advisories/28115
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://docs.info.apple.com/article.html?artnum=307177

Copyright 2024, cxsecurity.com

 
