CVE-2007-2435
Advisory lineage Upstream: 0 Downstream: 4
Modified
Published: 02 May 2007, 10:00
Last modified:07 Aug 2024, 13:42
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
10 HIGH
v2.0 (nvd)
EPSS Score
4.71% LOW
5% probability +1.79%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
02 May 2007, 10:00
Published
Vulnerability first disclosed
07 Aug 2024, 13:42
Last Modified
Vulnerability information updated
Description
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.
CVSS Metrics
- v2.0•HIGH•Score: 10AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 4.71%• Percentile: 90%
Techniques & Countermeasures
- CWE-264•Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Affected Systems
- sun•java_enterprise_system
≤ 5.0
- sun•jre
≤ 1.4.2 | ≤ 1.5.0
- sun•sdk
≤ 1.4.3_13
References (31)
- http://docs.info.apple.com/article.html?artnum=307177
- http://dev2dev.bea.com/pub/advisory/241
- http://www.securityfocus.com/bid/23728
- http://www.vupen.com/english/advisories/2007/1814
- http://secunia.com/advisories/26311
- http://support.avaya.com/elmodocs2/security/ASA-2007-199.htm
- http://secunia.com/advisories/25283
- http://osvdb.org/35483
- http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml
- http://www.vupen.com/english/advisories/2007/1598
- http://secunia.com/advisories/26369
- http://secunia.com/advisories/25413
- http://security.gentoo.org/glsa/glsa-200804-28.xml
- http://secunia.com/advisories/29858
- http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
- http://www.redhat.com/support/errata/RHSA-2007-0817.html
- http://secunia.com/advisories/25832
- http://www.vupen.com/english/advisories/2007/4224
- http://security.gentoo.org/glsa/glsa-200706-08.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33984
- http://secunia.com/advisories/30780
- http://www.securitytracker.com/id?1017986
- http://secunia.com/advisories/25069
- http://secunia.com/advisories/28115
- http://www.redhat.com/support/errata/RHSA-2008-0261.html
- http://secunia.com/advisories/25474
- http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
- http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999
- http://www.redhat.com/support/errata/RHSA-2007-0829.html