| Vulnerability Name: | CVE-2005-3904 (CCN-23252) |
| Assigned: | 2005-11-28 |
| Published: | 2005-11-28 |
| Updated: | 2018-10-30 |
| Summary: | Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors.
|
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low |
|
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
|
| Vulnerability Type: | CWE-Other
|
| Vulnerability Consequences: | Gain Privileges |
| References: | Source: MITRE
Type: CNA
CVE-2005-3904
Source: APPLE
Type: UNKNOWN
APPLE-SA-2005-11-30
Source: CCN
Type: SA17748
Sun Java JRE Sandbox Security Bypass Vulnerabilities
Source: SECUNIA
Type: Patch, Vendor Advisory
17748
Source: SECUNIA
Type: UNKNOWN
17847
Source: CCN
Type: SA18092
IBM Java SDK JRE Sandbox Security Bypass Vulnerabilities
Source: SECUNIA
Type: UNKNOWN
18092
Source: SECUNIA
Type: UNKNOWN
18503
Source: CCN
Type: SECTRACK ID: 1015281
Sun Java Runtime Environment (JRE) JMX Bug Lets Applets Gain Elevated Privileges
Source: SECTRACK
Type: UNKNOWN
1015281
Source: CCN
Type: Sun Alert ID: 102017
Security Vulnerability With Java Management Extensions in the Java Runtime Environment may Allow Untrusted Applet to Elevate Privileges
Source: SUNALERT
Type: Vendor Advisory
102017
Source: CONFIRM
Type: UNKNOWN
http://www-1.ibm.com/support/docview.wss?uid=swg21225628
Source: CCN
Type: US-CERT VU#931684
Sun Java Management Extensions privilege escalation vulnerability
Source: CERT-VN
Type: US Government Resource
VU#931684
Source: CCN
Type: OSVDB ID: 21235
Sun Java JRE Java Management Extensions (JMX) Unspecified Applet Privilege Escalation
Source: BID
Type: UNKNOWN
15615
Source: CCN
Type: BID-15615
Sun Java Runtime Environment Multiple Privilege Escalation Vulnerabilities
Source: VUPEN
Type: UNKNOWN
ADV-2005-2636
Source: VUPEN
Type: UNKNOWN
ADV-2005-2675
Source: VUPEN
Type: UNKNOWN
ADV-2005-2946
Source: XF
Type: UNKNOWN
sun-jmx-elevate-privileges(23252)
Source: XF
Type: UNKNOWN
sun-jmx-elevate-privileges(23252)
Source: SUSE
Type: SUSE-SR:2006:001
SUSE Security Summary Report
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:sun:jdk:1.5.0_03:*:linux:*:*:*:*:*OR cpe:/a:sun:jdk:1.5.0_03:*:solaris:*:*:*:*:*OR cpe:/a:sun:jdk:1.5.0_03:*:windows:*:*:*:*:*OR cpe:/a:sun:jre:1.3.0:-:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.0:update1:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.0:update2:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.0:update3:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.0:update4:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.0:update5:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.1:-:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.1:update1:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.1:update15:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.1:update1a:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.1:update4:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.1:update8:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.1:-:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2:-:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2_1:*:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2_2:*:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2_3:*:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2_4:*:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2_5:*:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2_6:*:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2_7:*:*:*:*:*:*:*OR cpe:/a:sun:jre:1.4.2_8:*:*:*:*:*:*:*OR cpe:/a:sun:jre:1.5.0:-:*:*:*:*:*:*OR cpe:/a:sun:jre:1.5.0:update1:*:*:*:*:*:*OR cpe:/a:sun:jre:1.5.0:update2:*:*:*:*:*:*OR cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*OR cpe:/a:sun:jdk:1.5.0:update3:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.1:update15:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.1:update8:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.1:update4:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.1:-:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.0:update5:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.0:update4:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.0:update3:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.0:update2:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.0:update1:*:*:*:*:*:*OR cpe:/a:sun:jre:1.3.0:-:*:*:*:*:*:*
 Denotes that component is vulnerable |
| Oval Definitions |
|
| BACK |