Executive Summary
Summary | |
---|---|
Title | Sun Alert 102996 Security Vulnerability in Java Web Start URL Parsing Code May Allow Untrusted Applications to Elevate Privileges |
Informations | |||
---|---|---|---|
Name | SUN-102996 | First vendor Publication | 2007-07-10 |
Vendor | Sun | Last vendor Modification | 2007-07-10 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Java 2 Platform, Standard Edition A buffer overflow vulnerability in the Java Web Start URL parsing code may allow an untrusted application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications with the privileges of the user running the Java Web Start application. Sun acknowledges with thanks, Brett Moore of Security-Assessment.com for discovering and reporting this issue. Sun also acknowledges eEye Digital Security for bringing this issue to our attention. Avoidance: Patch, Upgrade State: Resolved First released: 10-Jul-2007 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_102996_security_vulnerability |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for IBM Java2 JRE and SDK File : nvt/sles9p5015890.nasl |
2009-01-28 | Name : SuSE Update for IBM Java SUSE-SA:2007:056 File : nvt/gb_suse_2007_056.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-20 (sun-jdk, sun-jre-bin, emul-linux-x86... File : nvt/glsa_200804_20.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-28 (jrockit-jdk-bin) File : nvt/glsa_200804_28.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200806-11 (ibm-jdk-bin ibm-jre-bin) File : nvt/glsa_200806_11.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
37756 | Sun Java Web Start javaws.exe JNLP File Processing codebase Attribute Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2015-03-31 | Oracle Java WebStart JNLP stack buffer overflow attempt RuleID : 33588 - Revision : 2 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-02-22 | Name : The remote Unix host has an application that may be prone to a buffer overflo... File : sun_java_webstart_jnlp_overflow_unix.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0818.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071128_jdk__java__on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080114_jdk__java__on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0829.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-20.nasl - Type : ACT_GATHER_INFO |
2007-12-17 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_java_rel6.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-4542.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-4544.nasl - Type : ACT_GATHER_INFO |
2007-07-10 | Name : The remote Windows host has an application that may be prone to a buffer over... File : sun_java_webstart_jnlp_overflow.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:57:52 |
|