Vulnerability Name: CVE-2007-2435 (CCN-33984)
Assigned: 2007-04-30
Published: 2007-04-30
Updated: 2017-10-11
Summary: Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files. The vendor has addressed this issue through product updates that can be found at: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity:
    10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Access
References:
    Source: MITRE | Type: CNA | CVE-2007-2435
    Source: BEA | Type: UNKNOWN | BEA07-173.00
    Source: CCN | Type: Apple Web site | About the security content of Java Release 6 for Mac OS X 10.4
    Source: MISC | Type: UNKNOWN | http://docs.info.apple.com/article.html?artnum=307177
    Source: CCN | Type: Sun Microsystems, Inc. Web site | Java Web Start Technology
    Source: APPLE | Type: UNKNOWN | APPLE-SA-2007-12-14
    Source: OSVDB | Type: UNKNOWN | 35483
    Source: CCN | Type: RHSA-2007-0817 | Critical: java-1.4.2-ibm security update
    Source: CCN | Type: RHSA-2007-0829 | Critical: java-1.5.0-ibm security update
    Source: CCN | Type: RHSA-2008-0261 | Moderate: Red Hat Network Satellite Server security update
    Source: CCN | Type: RHSA-2008-0524 | Low: Red Hat Network Satellite Server security update
    Source: CCN | Type: SA25069 | Java 2 Platform Privilege Escalation Vulnerability
    Source: SECUNIA | Type: Patch, Vendor Advisory | 25069
    Source: CCN | Type: SA25283 | BEA JRockit Multiple Vulnerabilities
    Source: SECUNIA | Type: UNKNOWN | 25283
    Source: CCN | Type: SA25413 | Avaya IR Java Web Start Insecure System Classes Vulnerability
    Source: SECUNIA | Type: UNKNOWN | 25413
    Source: SECUNIA | Type: UNKNOWN | 25474
    Source: SECUNIA | Type: UNKNOWN | 25832
    Source: SECUNIA | Type: UNKNOWN | 26311
    Source: SECUNIA | Type: UNKNOWN | 26369
    Source: CCN | Type: SA28115 | Mac OS X Java Multiple Vulnerabilities
    Source: SECUNIA | Type: UNKNOWN | 28115
    Source: SECUNIA | Type: UNKNOWN | 29858
    Source: SECUNIA | Type: UNKNOWN | 30780
    Source: GENTOO | Type: UNKNOWN | GLSA-200706-08
    Source: GENTOO | Type: UNKNOWN | GLSA-200804-28
    Source: CCN | Type: SECTRACK ID: 1017986 | Java Web Start Incorrect Use of System Classes Lets Users Gain Elevated Privileges
    Source: CCN | Type: Sun Alert ID: 102881 | Security Vulnerability With Java Web Start Related to Incorrect Use of System Classes
    Source: SUNALERT | Type: Patch, Vendor Advisory | 102881
    Source: CONFIRM | Type: UNKNOWN | http://support.avaya.com/elmodocs2/security/ASA-2007-199.htm
    Source: CCN | Type: ASA-2007-199 | Security Vulnerability With Java Web Start Related to Incorrect Use of System Classes (Sun 102881)
    Source: CCN | Type: ASA-2007-343 | java-1.5.0-ibm security update (RHSA-2007-0829)
    Source: CCN | Type: ASA-2007-387 | java-1.4.2-ibm security update (RHSA-2007-0817)
    Source: CCN | Type: GLSA 200804-28 | JRockit: Multiple vulnerabilities
    Source: CCN | Type: GLSA-200705-23 | Sun JDK/JRE: Multiple vulnerabilities
    Source: GENTOO | Type: UNKNOWN | GLSA-200705-23
    Source: CCN | Type: GLSA-200706-08 | emul-linux-x86-java: Multiple vulnerabilities
    Source: CCN | Type: GLSA-200804-20 | Sun JDK/JRE: Multiple vulnerabilities
    Source: GENTOO | Type: UNKNOWN | GLSA-200804-20
    Source: GENTOO | Type: UNKNOWN | GLSA-200806-11
    Source: CCN | Type: OSVDB ID: 35483 | Sun Java Web Start JNLP File Unspecified Privilege Escalation
    Source: REDHAT | Type: UNKNOWN | RHSA-2007:0817
    Source: REDHAT | Type: UNKNOWN | RHSA-2007:0829
    Source: REDHAT | Type: UNKNOWN | RHSA-2008:0261
    Source: BID | Type: Patch | 23728
    Source: CCN | Type: BID-23728 | Sun Java Web Start Unauthorized Access Vulnerability
    Source: SECTRACK | Type: UNKNOWN | 1017986
    Source: VUPEN | Type: UNKNOWN | ADV-2007-1598
    Source: VUPEN | Type: UNKNOWN | ADV-2007-1814
    Source: VUPEN | Type: UNKNOWN | ADV-2007-4224
    Source: XF | Type: UNKNOWN | javawebstart-classes-privilege-escalation(33984)
    Source: OVAL | Type: UNKNOWN | oval:org.mitre.oval:def:10999
    Source: CCN | Type: BEA07-173.00 | An Application started through Java Web Start may be able to elevate its privileges
Vulnerable Configuration:
    Configuration 1
    Configuration RedHat 1
    Configuration RedHat 2
    Configuration RedHat 3
    Configuration CCN 1