Vulnerability Description
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Java Enterprise System | <= 5.0 |
| Sun | Jre | <= 1.4.2 |
| Sun | Sdk | <= 1.4.3_13 |
Related Weaknesses (CWE)
References
- http://dev2dev.bea.com/pub/advisory/241
- http://docs.info.apple.com/article.html?artnum=307177
- http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
- http://osvdb.org/35483
- http://secunia.com/advisories/25069PatchVendor Advisory
- http://secunia.com/advisories/25283
- http://secunia.com/advisories/25413
- http://secunia.com/advisories/25474
- http://secunia.com/advisories/25832
- http://secunia.com/advisories/26311
- http://secunia.com/advisories/26369
- http://secunia.com/advisories/28115
- http://secunia.com/advisories/29858
- http://secunia.com/advisories/30780
- http://security.gentoo.org/glsa/glsa-200706-08.xml
FAQ
What is CVE-2007-2435?
CVE-2007-2435 is a vulnerability with a CVSS score of 10.0 (HIGH). Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that gra...
How severe is CVE-2007-2435?
CVE-2007-2435 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2435?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Java Enterprise System, Sun Jre, Sun Sdk.