Executive Summary
Summary | |
---|---|
Title | Sun Alert 103073 Multiple Security Vulnerabilities in Java Web Start Relating to Local File Access |
Informations | |||
---|---|---|---|
Name | SUN-103073 | First vendor Publication | 2007-10-03 |
Vendor | Sun | Last vendor Modification | 2007-10-03 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:N) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 9.2 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Java 2 Platform, Standard Edition [1] A vulnerability in Java Web Start may allow an untrusted application to read local files that are accessible to the user running the untrusted application. [2] Two vulnerabilities in Java Web Start may allow an untrusted application to read and write local files that are accessible to the user running the untrusted application. [3] Three vulnerabilities in Java Web Start may allow an untrusted application to determine the location of the Java Web Start cache. Sun acknowledges with thanks, Peter Csepely, for bringing these issues to our attention. Avoidance: Patch, Upgrade, Workaround State: Resolved First released: 03-Oct-2007 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_103073_multiple_security |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-13 | Name : SLES10: Security update for IBM Java 1.4.2 File : nvt/sles10_java-1_4_2-ibm3.nasl |
2009-10-13 | Name : SLES10: Security update for IBM Java 1.5.0 File : nvt/sles10_java-1_5_0-ibm4.nasl |
2009-10-10 | Name : SLES9: Security update for Sun Java 2 File : nvt/sles9p5020427.nasl |
2009-10-10 | Name : SLES9: Security update for IBMJava5-JRE,IBMJava5-SDK File : nvt/sles9p5021818.nasl |
2009-10-10 | Name : SLES9: Security update for IBM Java 5 and JRE File : nvt/sles9p5023460.nasl |
2009-10-10 | Name : SLES9: Security update for IBM Java 2 JRE and SDK File : nvt/sles9p5023603.nasl |
2009-05-05 | Name : HP-UX Update for Java JRE and JDK HPSBUX02284 File : nvt/gb_hp_ux_HPSBUX02284.nasl |
2009-01-28 | Name : SuSE Update for Sun Java SUSE-SA:2007:055 File : nvt/gb_suse_2007_055.nasl |
2009-01-23 | Name : SuSE Update for IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm SUSE-SA:2008... File : nvt/gb_suse_2008_025.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-20 (sun-jdk, sun-jre-bin, emul-linux-x86... File : nvt/glsa_200804_20.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-28 (jrockit-jdk-bin) File : nvt/glsa_200804_28.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200806-11 (ibm-jdk-bin ibm-jre-bin) File : nvt/glsa_200806_11.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
37764 | Sun Java JDK / JRE on Windows Untrusted Application Arbitrary File Access |
37763 | Sun Java JDK / JRE Untrusted Application Arbitrary File Manipulation |
37762 | Sun Java JDK / JRE Multiple Unspecified Information Disclosure |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-02-22 | Name : The remote Unix host has an application that is affected by multiple vulnerab... File : sun_java_jre_103079_unix.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080114_jdk__java__on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071128_jdk__java__on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12142.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0963.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0132.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1041.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2008-0010.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-5182.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-5183.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-20.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-sun-4533.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-4687.nasl - Type : ACT_GATHER_INFO |
2007-10-18 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_4_2-sun-4536.nasl - Type : ACT_GATHER_INFO |
2007-10-18 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-4527.nasl - Type : ACT_GATHER_INFO |
2007-10-18 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_6_0-sun-4525.nasl - Type : ACT_GATHER_INFO |
2007-10-05 | Name : The remote Windows host has an application that is affected by multiple vulne... File : sun_java_jre_103079.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:57:53 |
|