CVE-2007-2435

DEB

Critical

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attacker…

CVSS

10.0

Critical

EPSS

0.05

p91

Published

2007-01-01

Updated

2007-01-01

Description

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.

Tags · CWE

CWE-264

Affected products

JabberdJabberdJabberdJava-1.4.2-ibmJava-1.4.2-ibmJava-1.4.2-ibmJava-1.4.2-ibmJava-1.4.2-ibmJava-1.4.2-ibmJava-1.5.0-ibmJava-1.5.0-ibmJfreechartJfreechartJfreechartOpenmotif21Openmotif21Openmotif21Perl-crypt-cbcPerl-crypt-cbcPerl-crypt-cbc

CVSS vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Timeline

2007-01-01

Published

2007-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Authentication

Au: N

None (N)

Confidentiality Impact

C: C

Complete

Integrity Impact

I: C

Complete

Availability Impact

A: C

Complete

Exploit indicators

EPSS

0.050 · p91

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Java-1.5.0-ibm Java-1.4.2-ibm Tomcat5 Jfreechart Jabberd Perl-crypt-cbc Rhn-apache Rhn-modperl Openmotif21 Rhn-modjk+1

Sun

Jre Sdk Java Enterprise System

Product	Vendor	Status
jabberd		Tracked
jabberd		Tracked
jabberd		Tracked
java-1.4.2-ibm		Tracked
java-1.4.2-ibm		Tracked
java-1.4.2-ibm		Tracked
java-1.4.2-ibm		Tracked
java-1.4.2-ibm		Tracked
java-1.4.2-ibm		Tracked
java-1.5.0-ibm		Tracked
java-1.5.0-ibm		Tracked
jfreechart		Tracked
jfreechart		Tracked
jfreechart		Tracked
openmotif21		Tracked
openmotif21		Tracked
openmotif21		Tracked
perl-Crypt-CBC		Tracked
perl-Crypt-CBC		Tracked
perl-Crypt-CBC		Tracked

Showing first 20 of 41

Source databases

DEB

CVE

RED

UBU