Executive Summary

Informations
NameCVE-2007-5689First vendor Publication2007-10-29
VendorCveLast vendor Modification2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

ImpactsProvides administrator access : Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5689

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9898
 
Oval ID: oval:org.mitre.oval:def:9898
Title: The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves.
Description: The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5689
Version: 3
Platform(s): Red Hat Enterprise Linux Extras 4
Red Hat Enterprise Linux Extras 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21783
 
Oval ID: oval:org.mitre.oval:def:21783
Title: ELSA-2007:0963: java-1.5.0-sun security update (Important)
Description: The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves.
Family: unix Class: patch
Reference(s): ELSA-2007:0963-01
CVE-2007-5232
CVE-2007-5238
CVE-2007-5239
CVE-2007-5240
CVE-2007-5273
CVE-2007-5274
CVE-2007-5689
Version: 30
Platform(s): Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application13
Application35
Application16

OpenVAS Exploits

DateDescription
2009-05-05Name : HP-UX Update for Java JRE and JDK HPSBUX02284
File : nvt/gb_hp_ux_HPSBUX02284.nasl
2008-09-24Name : Gentoo Security Advisory GLSA 200804-20 (sun-jdk, sun-jre-bin, emul-linux-x86...
File : nvt/glsa_200804_20.nasl
2008-09-24Name : Gentoo Security Advisory GLSA 200804-28 (jrockit-jdk-bin)
File : nvt/glsa_200804_28.nasl
2008-09-24Name : Gentoo Security Advisory GLSA 200806-11 (ibm-jdk-bin ibm-jre-bin)
File : nvt/glsa_200806_11.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
40834Sun Java JDK / JRE Java Virtual Machine (JVM) Unspecified Applet Privilege Es...

Nessus® Vulnerability Scanner

DateDescription
2013-02-22Name : The remote Unix host has an application that is affected by multiple vulnerab...
File : sun_java_jre_103079_unix.nasl - Type : ACT_GATHER_INFO
2009-08-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0963.nasl - Type : ACT_GATHER_INFO
2009-07-27Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2008-0010.nasl - Type : ACT_GATHER_INFO
2008-06-26Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200806-11.nasl - Type : ACT_GATHER_INFO
2008-04-28Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200804-28.nasl - Type : ACT_GATHER_INFO
2008-04-22Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200804-20.nasl - Type : ACT_GATHER_INFO
2007-10-05Name : The remote Windows host has an application that is affected by multiple vulne...
File : sun_java_jre_103079.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BEAhttp://dev2dev.bea.com/pub/advisory/272
BIDhttp://www.securityfocus.com/bid/26185
CONFIRMhttp://support.avaya.com/elmodocs2/security/ASA-2007-480.htm
http://www.vmware.com/security/advisories/VMSA-2008-0010.html
GENTOOhttp://security.gentoo.org/glsa/glsa-200804-28.xml
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
HPhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533
OSVDBhttp://osvdb.org/40834
SECTRACKhttp://www.securitytracker.com/id?1018847
SECUNIAhttp://secunia.com/advisories/27320
http://secunia.com/advisories/27693
http://secunia.com/advisories/29042
http://secunia.com/advisories/29858
http://secunia.com/advisories/30676
http://secunia.com/advisories/30780
SUNALERThttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103112-1
VUPENhttp://www.vupen.com/english/advisories/2007/3589
http://www.vupen.com/english/advisories/2007/3895
http://www.vupen.com/english/advisories/2008/0609
http://www.vupen.com/english/advisories/2008/1856/references

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:42:22
  • Multiple Updates
2013-05-11 10:40:41
  • Multiple Updates