Vulnerability Name:

CVE-2007-3655 (CCN-35320)

Assigned:2007-07-10
Published:2007-07-10
Updated:2018-10-30
Summary:Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Full-Disclosure Mailing List, Tue Jul 10 2007 - 21:36:56 CDT
SUN Java JNLP Overflow

Source: MITRE
Type: CNA
CVE-2007-3655

Source: CCN
Type: Apple Web site
About the security content of Java Release 6 for Mac OS X 10.4

Source: MISC
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=307177

Source: CCN
Type: Sun Microsystems, Inc. Web site
Java Web Start Technology

Source: APPLE
Type: UNKNOWN
APPLE-SA-2007-12-14

Source: FULLDISC
Type: UNKNOWN
20070711 SUN Java JNLP Overflow

Source: OSVDB
Type: UNKNOWN
37756

Source: CCN
Type: eEye Digital Security Advisory AD20070705
Sun Java WebStart JNLP Stack Buffer Overflow Vulnerability

Source: MISC
Type: UNKNOWN
http://research.eeye.com/html/advisories/published/AD20070705.html

Source: CCN
Type: RHSA-2007-0818
Critical: java-1.5.0-sun security update

Source: CCN
Type: RHSA-2007-0829
Critical: java-1.5.0-ibm security update

Source: CCN
Type: SA25981
Sun Java Web Start JNLP File Processing Buffer Overflow

Source: SECUNIA
Type: Vendor Advisory
25981

Source: SECUNIA
Type: Vendor Advisory
26314

Source: SECUNIA
Type: Vendor Advisory
26369

Source: SECUNIA
Type: Vendor Advisory
27266

Source: CCN
Type: SA28115
Mac OS X Java Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
28115

Source: SECUNIA
Type: Vendor Advisory
29858

Source: SECUNIA
Type: Vendor Advisory
30780

Source: GENTOO
Type: UNKNOWN
GLSA-200804-28

Source: SREASON
Type: UNKNOWN
2874

Source: CCN
Type: SECTRACK ID: 1018346
Java Web Start JNLP Stack Overflow Lets Remote Usres

Source: CCN
Type: Sun Alert ID: 102996
Security Vulnerability in Java Web Start URL Parsing Code May Allow Untrusted Applications to Elevate Privileges

Source: SUNALERT
Type: UNKNOWN
102996

Source: CCN
Type: ASA-2007-336
java-1.5.0-sun security update (RHSA-2007-0818)

Source: CCN
Type: ASA-2007-341
Security Vulnerability in Java Web Start URL Parsing Code May Allow Untrusted Applications to Elevate Privileges (Sun 102996)

Source: CCN
Type: ASA-2007-343
java-1.5.0-ibm security update (RHSA-2007-0829)

Source: EXPLOIT-DB
Type: UNKNOWN
30284

Source: CCN
Type: GLSA 200804-28
JRockit: Multiple vulnerabilities

Source: CCN
Type: GLSA-200804-20
Sun JDK/JRE: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200804-20

Source: GENTOO
Type: UNKNOWN
GLSA-200806-11

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:056

Source: CCN
Type: OSVDB ID: 37756
Sun Java Web Start javaws.exe JNLP File Processing codebase Attribute Overflow

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0818

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0829

Source: BUGTRAQ
Type: UNKNOWN
20070709 EEYE: Sun Java WebStart JNLP Stack Buffer Overflow Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20070711 SUN Java JNLP Overflow

Source: BID
Type: Exploit
24832

Source: CCN
Type: BID-24832
Sun Java Runtime Environment Web Start JNLP File Stack Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018346

Source: VUPEN
Type: Vendor Advisory
ADV-2007-2477

Source: VUPEN
Type: Vendor Advisory
ADV-2007-4224

Source: XF
Type: UNKNOWN
sun-java-jnlp-bo(35320)

Source: XF
Type: UNKNOWN
sun-java-jnlp-bo(35320)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11367

Source: SUSE
Type: SUSE-SA:2007:056
IBM Java Security problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sun:jre:1.5.0:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update10:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update11:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update4:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update5:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update6:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update7:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update8:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update9:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:sun:jre:1.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update7:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update8:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update9:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update10:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update11:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update4:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update5:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update6:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_school_server:-:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20073655
    V
    		CVE-2007-3655
    2022-05-20
    oval:org.opensuse.security:def:31750
    P
    		Security update for java-1_7_1-ibm (Moderate) (in QA)
    2022-01-04
    oval:org.opensuse.security:def:31701
    P
    		Security update for pcre (Moderate)
    2021-11-10
    oval:org.opensuse.security:def:42127
    P
    		Security update for glibc (Moderate)
    2021-10-12
    oval:org.opensuse.security:def:31274
    P
    		Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)
    2021-09-23
    oval:org.opensuse.security:def:31253
    P
    		Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)
    2021-08-25
    oval:org.opensuse.security:def:31645
    P
    		Security update for ovmf (Important)
    2021-06-22
    oval:org.opensuse.security:def:31642
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:31200
    P
    		Security update for java-1_8_0-openjdk (Moderate)
    2021-06-15
    oval:org.opensuse.security:def:31188
    P
    		Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)
    2021-06-04
    oval:org.opensuse.security:def:31189
    P
    		Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)
    2021-06-04
    oval:org.opensuse.security:def:26047
    P
    		Security update for xen (Important)
    2021-05-12
    oval:org.opensuse.security:def:31345
    P
    		Security update for krb5-appl (Important)
    2021-02-19
    oval:org.opensuse.security:def:32008
    P
    		Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)
    2020-12-07
    oval:org.opensuse.security:def:35567
    P
    		java-1_4_2-ibm-1.4.2_sr13.3-1.1.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35720
    P
    		java-1_4_2-ibm-1.4.2_sr13.10-0.4.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:41974
    P
    		java-1_4_2-ibm-1.4.2_sr13.3-1.1.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:25475
    P
    		Security update for libssh (Important)
    2020-12-01
    oval:org.opensuse.security:def:26003
    P
    		Security update for yaml-cpp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31047
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:31798
    P
    		Security update for OpenEXR (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25544
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26567
    P
    		java-1_4_2-ibm on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25556
    P
    		Security update for ntp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31121
    P
    		Security update for krb5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31789
    P
    		Security update for MozillaFirefox (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31854
    P
    		Security update for cracklib (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25118
    P
    		Security update for lftp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25695
    P
    		Security update for gcc9 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25613
    P
    		Security update for libsolv (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26685
    P
    		dhcp on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31811
    P
    		Security update for apache2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31903
    P
    		Security update for fontconfig (Low)
    2020-12-01
    oval:org.opensuse.security:def:25119
    P
    		Security update for libssh2_org (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25748
    P
    		Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25697
    P
    		Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26720
    P
    		java-1_4_2-ibm on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31855
    P
    		Security update for crash (Low)
    2020-12-01
    oval:org.opensuse.security:def:31942
    P
    		Security update for gnome-session (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25130
    P
    		Security update for ntp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25797
    P
    		Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:25271
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:25848
    P
    		Security update for flex, at, bogofilter, cyrus-imapd, kdelibs4, libQtWebKit4, libbonobo, mdbtools, netpbm, openslp, sgmltool, virtuoso, libqt5-qtwebkit (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31402
    P
    		Security update for perl-DBD-mysql (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32493
    P
    		bzip2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31406
    P
    		Security update for perl-PlRPC (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31964
    P
    		Security update for icu (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25194
    P
    		Security update for adns (Important)
    2020-12-01
    oval:org.opensuse.security:def:25836
    P
    		Security update for LibreOffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25272
    P
    		Security update for vino (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25901
    P
    		Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:31489
    P
    		Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32532
    P
    		java-1_4_2-ibm on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31498
    P
    		Security update for python-numpy (Important)
    2020-12-01
    oval:org.opensuse.security:def:25322
    P
    		Security update for tigervnc (Critical)
    2020-12-01
    oval:org.opensuse.security:def:25850
    P
    		Security update for libreoffice (Low)
    2020-12-01
    oval:org.opensuse.security:def:25283
    P
    		Security update for SUSE Manager Client Tools (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25950
    P
    		Security update for evince (Important)
    2020-12-01
    oval:org.opensuse.security:def:31035
    P
    		Security update for jpeg (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31555
    P
    		Security update for sqlite3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32646
    P
    		curl on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25403
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:25894
    P
    		Security update for gstreamer-0_10-plugins-bad (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25347
    P
    		Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25989
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:31036
    P
    		Security update for kdebase4-workspace
    2020-12-01
    oval:org.opensuse.security:def:32685
    P
    		java-1_4_2-ibm on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25460
    P
    		Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26532
    P
    		cron on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:21855
    P
    		ELSA-2007:0829: java-1.5.0-ibm security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:11367
    V
    		Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.
    2010-09-06
    oval:com.redhat.rhsa:def:20070829
    P
    		RHSA-2007:0829: java-1.5.0-ibm security update (Critical)
    2007-08-07
    BACK
    sun jre 1.5.0 update1
    sun jre 1.5.0 update10
    sun jre 1.5.0 update11
    sun jre 1.5.0 update2
    sun jre 1.5.0 update3
    sun jre 1.5.0 update4
    sun jre 1.5.0 update5
    sun jre 1.5.0 update6
    sun jre 1.5.0 update7
    sun jre 1.5.0 update8
    sun jre 1.5.0 update9
    sun jre 1.6.0 update_1
    sun jre 1.5.0
    sun jre 1.5.0 update3
    sun jre 1.6.0
    sun jdk 1.6.0
    sun jdk 1.5.0 update10
    sun jdk 1.5.0 update11
    sun jre 1.5.0 update7
    sun jre 1.5.0 update8
    sun jre 1.5.0 update9
    sun jre 1.5.0 update10
    sun jre 1.5.0 update11
    sun jdk 1.5.0
    sun jdk 1.5.0 update1
    sun jdk 1.5.0 update2
    sun jdk 1.5.0 update3
    sun jdk 1.5.0 update4
    sun jdk 1.5.0 update5
    sun jdk 1.5.0 update6
    sun jdk 1.5.0 update7
    sun jdk 1.5.0 update7_b03
    sun jdk 1.5.0 update8
    sun jdk 1.5.0 update9
    sun jdk 1.6.0 update1
    sun jre 1.5.0 update1
    sun jre 1.5.0 update2
    sun jre 1.5.0 update4
    sun jre 1.5.0 update5
    sun jre 1.5.0 update6
    gentoo linux *
    suse linux enterprise server 8
    suse suse linux 9.0
    suse suse linux school server -
    novell open enterprise server *
    redhat rhel extras 4
    novell suse linux enterprise server 10 sp2
    novell open enterprise server *