CVE-2007-5237 — JDK vulnerability

CWE-2645 documents5 sources

Severity

7.1HIGHNVD

EPSS

1.1%

top 22.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE

Timeline

PublishedOct 6

Latest updateMay 1

Description

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities."

CVSS vector

AV:N/AC:H/C:C/I:C/A:NExploitability: 4.9 | Impact: 9.2

Affected Packages2 packages

▶NVDsun/jdk1.6.0

▶NVDsun/jre1.6.0

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-wxff-hq7w-p8h7: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-a↗2022-05-01

▶

CVEList

CVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-a↗2007-10-06

▶

📋Vendor Advisories

Red Hat

Untrusted Java Web Start application may read and write local files↗2007-10-03

▶

💬Community

Bugzilla

CVE-2007-5237 Untrusted Java Web Start application may read and write local files↗2007-10-07

▶