CVE-2007-2435
First published: Wed May 02 2007(Updated: )
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sun SDK | <=1.4.3_13 | |
| Sun Jre | <=1.4.2 | |
| Sun Java Enterprise System | <=5.0 | |
| Sun Jre | <=1.5.0 | |
| Sun JRE | <=1.4.2 | |
| Sun JRE | <=1.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1
- http://www.securityfocus.com/bid/23728
- http://secunia.com/advisories/25069
- http://www.securitytracker.com/id?1017986
- http://dev2dev.bea.com/pub/advisory/241
- http://secunia.com/advisories/25283
- http://support.avaya.com/elmodocs2/security/ASA-2007-199.htm
- http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml
- http://security.gentoo.org/glsa/glsa-200706-08.xml
- http://www.redhat.com/support/errata/RHSA-2007-0817.html
- http://www.redhat.com/support/errata/RHSA-2007-0829.html
- http://secunia.com/advisories/25413
- http://secunia.com/advisories/25474
- http://secunia.com/advisories/25832
- http://secunia.com/advisories/26311
- http://secunia.com/advisories/26369
- http://docs.info.apple.com/article.html?artnum=307177
- http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
- http://secunia.com/advisories/28115
- http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
- http://secunia.com/advisories/29858
- http://security.gentoo.org/glsa/glsa-200804-28.xml
- http://www.redhat.com/support/errata/RHSA-2008-0261.html
- http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
- http://secunia.com/advisories/30780
- http://www.vupen.com/english/advisories/2007/1814
- http://www.vupen.com/english/advisories/2007/1598
- http://www.vupen.com/english/advisories/2007/4224
- http://osvdb.org/35483
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33984
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999
Frequently Asked Questions
What is the severity of CVE-2007-2435?
CVE-2007-2435 is considered a high severity vulnerability due to its potential to allow remote attackers unauthorized access and actions.
How do I fix CVE-2007-2435?
To fix CVE-2007-2435, upgrade to the latest version of the Java Runtime Environment provided by Sun Microsystems.
What systems are affected by CVE-2007-2435?
CVE-2007-2435 affects Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier.
Can CVE-2007-2435 be exploited remotely?
Yes, CVE-2007-2435 can be exploited remotely by attackers to perform unauthorized actions.
What type of vulnerability is CVE-2007-2435?
CVE-2007-2435 is characterized as a security vulnerability related to incorrect use of system classes.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/event
- agent/tags
- agent/description
- agent/source
- vendor/sun
- canonical/sun sdk
- version/sun sdk/1.4.3_13
- canonical/sun jre
- version/sun jre/1.4.2
- canonical/sun java enterprise system
- version/sun java enterprise system/5.0
- version/sun jre/1.5.0