JVNDB-2007-000329
|
Java Web Start vulnerable to execution of unauthorized system classes
|
Java Web Start, included in the JRE (Java Runtime Environment) from Sun Microsystems and other products, contains a vulnerability allowing unauthorized execution of system classes.
Java Web Start, included in the JRE (Java Runtime Environment) and other products, is a tool for distributing Java applications over the web. The Java Web Start implementation contains a vulnerability that may allow a Java Web Start application that includes a malformed JAR file to execute an unauthorized system class.
|
CVSS V2 Severity: Base Metrics 7.5 (High) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
BEA Systems, Inc.
- BEA JRockit R26.0.0 1.4.2_07 and earlier
- BEA JRockit R26.0.0 1.5.0_04 and earlier
Apple Inc.
- Apple Mac OS X v10.4.10
- Apple Mac OS X Server v10.4.10
Allied Telesis
Sun Microsystems, Inc.
- JDK 5 Update 10 and earlier
- JRE 1.4.2 Update 13 and earlier
- JRE 5 Update 10 and earlier
- SDK 1.4.2 Update 13 and earlier
Red Hat, Inc.
- Red Hat Enterprise Linux Extras 3 extras
- Red Hat Enterprise Linux Extras 4 extras
- RHEL Desktop Supplementary 5 (client)
- RHEL Supplementary 5 (server)
NEC Corporation
- TW703000 (TW850)
- WebSAM DeploymentManager (HP-UX)
|
|
Arbitrary commands or code may be executed, or files on the user's computer may be overwritten, with the privileges of the user running the application.
|
Please update to the fixed version from the vendor.
|
BEA Systems, Inc.
Apple Inc.
Allied Telesis
Sun Microsystems, Inc.
- Sun Alert Notification : 102881
Red Hat, Inc.
NEC Corporation
- NEC Security Information : NV07-014 (Japanese)
|
- Permissions(CWE-264) [NVD Evaluation]
|
- CVE-2007-2435
|
- JVN : JVN#44724673
- National Vulnerability Database (NVD) : CVE-2007-2435
- JPCERT REPORT : JPCERT-WR-2007-1701 (Japanese)
- Secunia Advisory : SA25069
- SecurityFocus : 23728
- ISS X-Force Database : 33984
- SecurityTracker : 1017986
- FrSIRT Advisories : FrSIRT/ADV-2007-1598
|
- [2008/05/21] Web page published
- [2008/06/06] Affected Products : Allied Telesis K.K. (20080521_1). Vendor Information : Allied Telesis K.K. (20080521_1).
|