CVE-2007-2435

CWE-264 | 4 documents | 4 sources
Severity
10.0 CRITICAL
EPSS
3.7%
top 12.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 2
Latest update: May 1

Description

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (3 packages)

NVD: sun/jre 1.4.2 (+1)
NVD: sun/sdk 1.4.3_13

Patches

🔴Vulnerability Details

2
GHSA
GHSA-9ffv-4whq-h9qg: Sun Java Web Start in JDK and JRE 5 (2022-05-01)
CVEList
CVE-2007-2435: Sun Java Web Start in JDK and JRE 5 (2007-05-02)

📋Vendor Advisories

1
Red Hat
javaws vulnerabilities (2007-04-30)