CVE-2007-2435

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.

CVSS v2.0 10

10^/10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References

Link	Resource
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1	Patch Vendor Advisory
http://www.securityfocus.com/bid/23728	Patch
http://secunia.com/advisories/25069	Patch Vendor Advisory
http://www.securitytracker.com/id?1017986
http://dev2dev.bea.com/pub/advisory/241
http://secunia.com/advisories/25283
http://support.avaya.com/elmodocs2/security/ASA-2007-199.htm
http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml
http://security.gentoo.org/glsa/glsa-200706-08.xml
http://www.redhat.com/support/errata/RHSA-2007-0817.html
http://www.redhat.com/support/errata/RHSA-2007-0829.html
http://secunia.com/advisories/25413
http://secunia.com/advisories/25474
http://secunia.com/advisories/25832
http://secunia.com/advisories/26311
http://secunia.com/advisories/26369
http://docs.info.apple.com/article.html?artnum=307177
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://secunia.com/advisories/28115
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
http://secunia.com/advisories/29858
http://security.gentoo.org/glsa/glsa-200804-28.xml
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
http://secunia.com/advisories/30780
http://www.vupen.com/english/advisories/2007/1814
http://www.vupen.com/english/advisories/2007/1598
http://www.vupen.com/english/advisories/2007/4224
http://osvdb.org/35483
https://exchange.xforce.ibmcloud.com/vulnerabilities/33984
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10999

Configurations

Configuration 1

cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update13:*:*:*:*:*:*

cpe:2.3:a:sun:java_enterprise_system:*:update10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update10:*:*:*:*:*:*

History

24 Jan 2023, 16:19

Type	Values Removed	Values Added
CPE		cpe:2.3:a:predictapp_project:predictapp::::::::
References	~~(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 -~~	(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 - Patch, Third Party Advisory
References	~~(MISC) https://github.com/abhilash1985/PredictApp/pull/73 -~~	(MISC) https://github.com/abhilash1985/PredictApp/pull/73 - Patch, Third Party Advisory
References	~~(MISC) https://vuldb.com/?id.218387 -~~	(MISC) https://vuldb.com/?id.218387 - Third Party Advisory
References	~~(MISC) https://vuldb.com/?ctiid.218387 -~~	(MISC) https://vuldb.com/?ctiid.218387 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Predictapp Project predictapp Predictapp Project

16 Jan 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2007-05-02 10:19

Updated : 2017-10-11 01:32

NVD link : CVE-2007-2435

Mitre link : CVE-2007-2435

Products Affected

No products.

CWE

CWE-264