CVE-2007-5689

Executive Summary

Informations
Name	CVE-2007-5689	First vendor Publication	2007-10-29
Vendor	Cve	Last vendor Modification	2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

Impacts

Provides administrator access : Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5689

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9898

Oval ID:	oval:org.mitre.oval:def:9898
Title:	The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves.
Description:	The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-5689	Version:	3
Platform(s):	Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5	Product(s):
Definition Synopsis:
IF redhat-release is version 4 AND java-1.5.0-sun-demo is earlier than 0:1.5.0.13-1jpp.1.el4 AND java-1.5.0-sun-plugin is earlier than 0:1.5.0.13-1jpp.1.el4 AND java-1.5.0-sun-jdbc is earlier than 0:1.5.0.13-1jpp.1.el4 AND java-1.5.0-sun-src is earlier than 0:1.5.0.13-1jpp.1.el4 AND java-1.5.0-sun is earlier than 0:1.5.0.13-1jpp.1.el4 AND java-1.5.0-sun-devel is earlier than 0:1.5.0.13-1jpp.1.el4 OR redhat-release is version 5 AND java-1.5.0-sun-demo is earlier than 0:1.5.0.13-1jpp.1.el5 AND java-1.5.0-sun-plugin is earlier than 0:1.5.0.13-1jpp.1.el5 AND java-1.5.0-sun-jdbc is earlier than 0:1.5.0.13-1jpp.1.el5 AND java-1.5.0-sun-src is earlier than 0:1.5.0.13-1jpp.1.el5 AND java-1.5.0-sun is earlier than 0:1.5.0.13-1jpp.1.el5 AND java-1.5.0-sun-devel is earlier than 0:1.5.0.13-1jpp.1.el5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Sun Jdk cpe:/a:sun:jdk:1.6.0:update2 cpe:/a:sun:jdk:1.6.0:update1 cpe:/a:sun:jdk:1.5.0:update4 cpe:/a:sun:jdk:1.5.0:update3 cpe:/a:sun:jdk:1.5.0:update7 cpe:/a:sun:jdk:1.5.0:update5 cpe:/a:sun:jdk:1.5.0:update1 cpe:/a:sun:jdk:1.5.0:update11 cpe:/a:sun:jdk:1.5.0:update8 cpe:/a:sun:jdk:1.5.0:update12 cpe:/a:sun:jdk:1.5.0:update10 cpe:/a:sun:jdk:1.5.0:update2 cpe:/a:sun:jdk:1.5.0:update9	13
Application	Sun Jre cpe:/a:sun:jre:1.6.0:update2 cpe:/a:sun:jre:1.6.0:update1 cpe:/a:sun:jre:1.5.0:update6 cpe:/a:sun:jre:1.5.0:update10 cpe:/a:sun:jre:1.5.0:update7 cpe:/a:sun:jre:1.5.0:update5 cpe:/a:sun:jre:1.5.0:update2 cpe:/a:sun:jre:1.5.0:update12 cpe:/a:sun:jre:1.5.0:update4 cpe:/a:sun:jre:1.5.0:update3 cpe:/a:sun:jre:1.5.0:update9 cpe:/a:sun:jre:1.5.0:update1 cpe:/a:sun:jre:1.5.0:update8 cpe:/a:sun:jre:1.5.0:update11 cpe:/a:sun:jre:1.4.2:update14 cpe:/a:sun:jre:1.4.2:update12 cpe:/a:sun:jre:1.4.2 cpe:/a:sun:jre:1.4.2:update3 cpe:/a:sun:jre:1.4.2:update11 cpe:/a:sun:jre:1.4.2:update1 cpe:/a:sun:jre:1.4.2:update9 cpe:/a:sun:jre:1.4.2:update10 cpe:/a:sun:jre:1.4.2:update8 cpe:/a:sun:jre:1.4.2:update15 cpe:/a:sun:jre:1.4.2:update13 cpe:/a:sun:jre:1.4.1:update3 cpe:/a:sun:jre:1.4 cpe:/a:sun:jre:1.3.1:update1a cpe:/a:sun:jre:1.3.1:update19 cpe:/a:sun:jre:1.3.1:update1 cpe:/a:sun:jre:1.3.1:update18 cpe:/a:sun:jre:1.3.1:update20 cpe:/a:sun:jre:1.3.1:update16 cpe:/a:sun:jre:1.3.0 cpe:/a:sun:jre:1.3.0:update5	35
Application	Sun Sdk cpe:/a:sun:sdk:1.4.2_15 cpe:/a:sun:sdk:1.4.2_14 cpe:/a:sun:sdk:1.4.2_13 cpe:/a:sun:sdk:1.4.2_12 cpe:/a:sun:sdk:1.4.2_11 cpe:/a:sun:sdk:1.4.2_10 cpe:/a:sun:sdk:1.4.2_09 cpe:/a:sun:sdk:1.4.2_08 cpe:/a:sun:sdk:1.4.2_03 cpe:/a:sun:sdk:1.4.2 cpe:/a:sun:sdk:1.3.1_20 cpe:/a:sun:sdk:1.3.1_19 cpe:/a:sun:sdk:1.3.1_18 cpe:/a:sun:sdk:1.3.1_16 cpe:/a:sun:sdk:1.3.1_01a cpe:/a:sun:sdk:1.3.1_01	16

Open Source Vulnerability Database (OSVDB)

id	Description
40834	Sun Java JDK / JRE Java Virtual Machine (JVM) Unspecified Applet Privilege Es...

Internal Sources (Detail)

Source	Url
BEA	http://dev2dev.bea.com/pub/advisory/272
BID	http://www.securityfocus.com/bid/26185
CONFIRM	http://support.avaya.com/elmodocs2/security/ASA-2007-480.htm http://www.vmware.com/security/advisories/VMSA-2008-0010.html
GENTOO	http://security.gentoo.org/glsa/glsa-200804-28.xml http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
HP	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533
OSVDB	http://osvdb.org/40834
SECTRACK	http://www.securitytracker.com/id?1018847
SECUNIA	http://secunia.com/advisories/27320 http://secunia.com/advisories/27693 http://secunia.com/advisories/29042 http://secunia.com/advisories/29858 http://secunia.com/advisories/30676 http://secunia.com/advisories/30780
SUNALERT	http://sunsolve.sun.com/search/document.do?assetkey=1-26-103112-1
VUPEN	http://www.vupen.com/english/advisories/2007/3589 http://www.vupen.com/english/advisories/2007/3895 http://www.vupen.com/english/advisories/2008/0609 http://www.vupen.com/english/advisories/2008/1856/references

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 10:40:41	Multiple Updates

Type	Count
Oval ID(s)	1
CPE ID(s)	64
osvdb(s)	1

Related	Severity
VMSA-2008-0010	(Critical)
SUN-103112	(Critical)
HPSBUX02284 SSR...	(Critical)
GLSA-200806-11	(Critical)
GLSA-200804-28	(Critical)
GLSA-200804-20	(Critical)

Same Subject	Severity
Login to view 30 more Alert(s)

CVE-2007-5689

Executive Summary

Security-Database Scoring CVSS v2

Security Protection

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Internal Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU