JVNDB-2005-000705

Fujitsu Java Runtime Environment reflection API vulnerability

Overview

A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges, bypassing its security restrictions.

This problem was reported by Sun Microsystems as a vulnerability in the Java Runtime Environment. Fujitsu's product is a modified version based on this product and is reported to contain a similar vulnerability.

CVSS Severity

CVSS V2 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


IBM Corporation
  • IBM SDK, 1.3 and earlier
  • IBM SDK, 1.4.2 and earlier
Sun Microsystems, Inc.
  • JDK 5.0 Update 3 and earlier
  • JRE 5.0 Update 3 and earlier

Impact

If a user downloads and executes a specially crafted applet, a remote attacker could access local files with elevated privileges or execute arbitrary code with the privileges of the user running the applet.
Solution

Vendor Information

IBM Corporation
Sun Microsystems, Inc.
  • Sun Alert Notification : 201102

CWE

CVE

  1. CVE-2005-3904
References

  1. JVN : JVN#15972537
  2. National Vulnerability Database (NVD) : CVE-2005-3904
  3. US-CERT Vulnerability Note : VU#931684
  4. Secunia Advisory : SA17748
  5. SecurityFocus : 15615
  6. FrSIRT Advisories : FrSIRT/ADV-2005-2636
Revision History

  • [2008/05/21]
      Web page published