CVE-2007-2435

Summary

CVE	CVE-2007-2435
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-05-02 10:19:00 UTC
Updated	2017-10-11 01:32:00 UTC
Description	Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.

Risk And Classification

Problem Types: CWE-264

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Sun	Java Enterprise System	All	update10	All	All
Application	Sun	Jre	All	update13	All	All
Application	Sun	Jre	All	update10	All	All
Application	Sun	Sdk	All	All	All	All

References

Reference	Source	Link	Tags
Sun Java Web Start Unauthorized Access Vulnerability	BID	www.securityfocus.com	Patch
IBM JDK/JRE: Multiple vulnerabilities — Gentoo Linux Documentation	GENTOO	www.gentoo.org
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
Red Hat update for java-1.4.2-ibm - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
BEA JRockit Multiple Vulnerabilities - Advisories - Secunia	SECUNIA	secunia.com
rhn.redhat.com \| Red Hat Support	REDHAT	www.redhat.com
ASA-2007-199 (SUN 102881)	CONFIRM	support.avaya.com
SecurityTracker.com Archives - Java Web Start Incorrect Use of System Classes Lets Users Gain Elevated Privileges	SECTRACK	www.securitytracker.com
#201744: Security Vulnerability With Java Web Start Related to Incorrect Use of System Classes	SUNALERT	sunsolve.sun.com	Patch, Vendor Advisory
Webmail - OVH	VUPEN	www.vupen.com
Avaya IR Java Web Start Insecure System Classes Vulnerability - Advisories - Secunia	SECUNIA	secunia.com
APPLE-SA-2007-12-14 Java Release 6 for Mac OS X 10.4	APPLE	lists.apple.com
Gentoo updates for sun-jdk and sun-jre-bin - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
35483	OSVDB	osvdb.org
Gentoo update for ibm-jdk-bin and ibm-jre-bin - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
Sun JDK/JRE: Multiple vulnerabilities — Gentoo Linux Documentation	GENTOO	www.gentoo.org
Gentoo update for sun-jdk, sun-jre-bin, and emul-linux-x86-java - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
Red Hat update for java-1.5.0-ibm - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com
Gentoo Linux Documentation -- Sun JDK/JRE: Multiple vulnerabilities	GENTOO	www.gentoo.org
Repository / Oval Repository	OVAL	oval.cisecurity.org
Gentoo Linux Documentation -- emul-linux-x86-java: Multiple vulnerabilities	GENTOO	security.gentoo.org
rhn.redhat.com \| Red Hat Support	REDHAT	www.redhat.com
Mac OS X Java Multiple Vulnerabilities - Advisories - Secunia	SECUNIA	secunia.com
Java 2 Platform Privilege Escalation Vulnerability - Advisories - Secunia	SECUNIA	secunia.com	Patch, Vendor Advisory
An Application started through Java Web Start may be able to elevate its privileges	BEA	dev2dev.bea.com
Gentoo update for emul-linux-x86-java - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
About the security content of Java Release 6 for Mac OS X 10.4	MISC	docs.info.apple.com
JRockit: Multiple vulnerabilities — Gentoo Linux Documentation	GENTOO	security.gentoo.org
rhn.redhat.com \| Red Hat Support	REDHAT	www.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.