CVE-2007-2435
First published: Wed May 02 2007(Updated: )
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sun SDK | <=1.4.3_13 | |
| Sun Jre | <=1.4.2 | |
| Sun Java Enterprise System | <=5.0 | |
| Sun Jre | <=1.5.0 | |
| Sun JRE | <=1.4.2 | |
| Sun JRE | <=1.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1
- http://www.securityfocus.com/bid/23728
- http://secunia.com/advisories/25069
- http://www.securitytracker.com/id?1017986
- http://dev2dev.bea.com/pub/advisory/241
- http://secunia.com/advisories/25283
- http://support.avaya.com/elmodocs2/security/ASA-2007-199.htm
- http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml
- http://security.gentoo.org/glsa/glsa-200706-08.xml
- http://www.redhat.com/support/errata/RHSA-2007-0817.html
- http://www.redhat.com/support/errata/RHSA-2007-0829.html
- http://secunia.com/advisories/25413
- http://secunia.com/advisories/25474
- http://secunia.com/advisories/25832
- http://secunia.com/advisories/26311
- http://secunia.com/advisories/26369
- http://docs.info.apple.com/article.html?artnum=307177
- http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
- http://secunia.com/advisories/28115
- http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
- http://secunia.com/advisories/29858
- http://security.gentoo.org/glsa/glsa-200804-28.xml
- http://www.redhat.com/support/errata/RHSA-2008-0261.html
- http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
- http://secunia.com/advisories/30780
- http://www.vupen.com/english/advisories/2007/1814
- http://www.vupen.com/english/advisories/2007/1598
- http://www.vupen.com/english/advisories/2007/4224
- http://osvdb.org/35483
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33984
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sun
- canonical/sun sdk
- version/sun sdk/1.4.3_13
- canonical/sun jre
- version/sun jre/1.4.2
- canonical/sun java enterprise system
- version/sun java enterprise system/5.0
- version/sun jre/1.5.0