[Japanese]
|
JVNDB-2011-000033
|
Java Web Start may insecurely load policy files
|
Java Web Start provided Oracle may use unsafe methods for determining how to load policy files.
Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE (Java Runtime Environment) Java Web Start contains an issue with the file search path, which may insecurely load policy files.
Hisashi Kojima of Fujitsu Laboratories, Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
|
CVSS V2 Severity: Base Metrics 6.8 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
Sun Microsystems, Inc.
- JDK 6 Update 25 and earlier for Windows
- JRE 6 Update 25 and earlier for Windows
Hewlett-Packard Development Company, L.P
- HP Systems Insight Manager prior to v7.0
|
|
An attacker may execute arbitrary code with the privilege of the running application.
|
[Update the software]
Update to the latest version according to the information provided by the developer.
|
Oracle Corporation
Hewlett-Packard Development Company, L.P
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
- CVE-2011-0788
|
- JVN : JVN#29212182
- National Vulnerability Database (NVD) : CVE-2011-0788
- IPA SECURITY ALERTS : Security Alert for Multiple Vulnerabilities in Java Web Start
|
- [2011/06/10]
Web page published
[2013/03/29]
Affected Products : Product was added (HPSBMU02769 SSRT100846)
Vendor Information : Content was added (HPSBMU02769 SSRT100846)
|