Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Sun Alert 102957 Security Vulnerability With Java Web Start May Allow Application to Escalate Privileges |
| Informations | |||
|---|---|---|---|
| Name | SUN-102957 | First vendor Publication | 2007-06-28 |
| Vendor | Sun | Last vendor Modification | 2007-06-28 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Product: Java 2 Platform, Standard Edition A vulnerability in Java Web Start may allow an untrusted application to grant itself permissions to overwrite any file that is writable by the user running the application. This would include the user's .java.policy file which would allow the application to invoke applets or Java Web Start applications that can execute arbitrary code with the permissions of the user running the untrusted application. Sun acknowledges, with thanks, John Heasman of NGSSoftware Limited, for bringing this issue to our attention. Avoidance: Upgrade State: Resolved First released: 28-Jun-2007 |
Original Source
| Url : http://blogs.sun.com/security/entry/sun_alert_102957_security_vulnerability |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 37755 | Sun Java Web Start PersistenceService Application Traversal Arbitrary File Ov... |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-12-17 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_java_rel6.nasl - Type : ACT_GATHER_INFO |
| 2007-06-29 | Name : The remote Windows host has an application that is affected by a privilege es... File : sun_java_jre_102957.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:57:51 |
|
