FKIE_CVE-2007-2435

Vulnerability from fkie_nvd - Published: 2007-05-02 10:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.
References
cve@mitre.orghttp://dev2dev.bea.com/pub/advisory/241
cve@mitre.orghttp://docs.info.apple.com/article.html?artnum=307177
cve@mitre.orghttp://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
cve@mitre.orghttp://osvdb.org/35483
cve@mitre.orghttp://secunia.com/advisories/25069Patch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/25283
cve@mitre.orghttp://secunia.com/advisories/25413
cve@mitre.orghttp://secunia.com/advisories/25474
cve@mitre.orghttp://secunia.com/advisories/25832
cve@mitre.orghttp://secunia.com/advisories/26311
cve@mitre.orghttp://secunia.com/advisories/26369
cve@mitre.orghttp://secunia.com/advisories/28115
cve@mitre.orghttp://secunia.com/advisories/29858
cve@mitre.orghttp://secunia.com/advisories/30780
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200706-08.xml
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200804-28.xml
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1Patch, Vendor Advisory
cve@mitre.orghttp://support.avaya.com/elmodocs2/security/ASA-2007-199.htm
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200705-23.xml
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2007-0817.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2007-0829.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2008-0261.html
cve@mitre.orghttp://www.securityfocus.com/bid/23728Patch
cve@mitre.orghttp://www.securitytracker.com/id?1017986
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/1598
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/1814
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/4224
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/33984
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999
af854a3a-2127-422b-91ae-364da2661108http://dev2dev.bea.com/pub/advisory/241
af854a3a-2127-422b-91ae-364da2661108http://docs.info.apple.com/article.html?artnum=307177
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/35483
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25069Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25283
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25413
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25474
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/25832
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26311
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26369
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28115
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29858
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30780
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200706-08.xml
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200804-28.xml
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2007-199.htm
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0817.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0829.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0261.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/23728Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1017986
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/1598
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/1814
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/4224
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/33984
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999
Impacted products
Vendor Product Version
sun java_enterprise_system *
sun jre *
sun jre *
sun sdk *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_enterprise_system:*:update10:*:*:*:*:*:*",
              "matchCriteriaId": "30914423-2DED-4015-92D2-9B9C5BA1283A",
              "versionEndIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:*:update13:*:*:*:*:*:*",
              "matchCriteriaId": "237F087F-53C4-400D-B132-37BBEEA3E03D",
              "versionEndIncluding": "1.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:*:update10:*:*:*:*:*:*",
              "matchCriteriaId": "1CBCA6F7-38C1-4B08-8E46-4322497B2B54",
              "versionEndIncluding": "1.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A25A5A79-1BF1-4EEC-B407-758A9A986188",
              "versionEndIncluding": "1.4.3_13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to \"Incorrect Use of System Classes\" and probably related to support for JNLP files."
    },
    {
      "lang": "es",
      "value": "Sun Java Web Start en JDK y JRE 5.0 hasta 10 y anteriores, y Java Web Start en SDK y JRE 1.4.2_13 y anteriores, permite a atacantes remotos realizar acciones no autorizadas a trav\u00e9s de una aplicaci\u00f3n que concede privilegios a si mismo, relacionado con \"Uso incorrecto de sistemas de clases\" y probablemente relacionado con el apoyo para ficheros JNLP."
    }
  ],
  "evaluatorSolution": "The vendor has addressed this issue through product updates that can be found at: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1",
  "id": "CVE-2007-2435",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-05-02T10:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://dev2dev.bea.com/pub/advisory/241"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=307177"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/35483"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25069"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25283"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25413"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25474"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25832"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26311"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26369"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28115"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29858"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/30780"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200706-08.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-199.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0817.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/23728"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017986"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1598"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1814"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4224"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33984"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dev2dev.bea.com/pub/advisory/241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=307177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/35483"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25474"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200706-08.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-199.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0817.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0829.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/23728"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1598"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4224"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.