CyberSec.Space Logo
Back to CVE Browser

CVE-2005-0836

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0980%
EPSS Percentile21.77th
PublishedMay 2, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file.

Affected Platforms (CPE)

πŸ“¦
Sun

J2se

= 1.4.2
πŸ“¦
Sun

J2se

= 1.4.2_01
πŸ“¦
Sun

J2se

= 1.4.2_02
πŸ“¦
Sun

J2se

= 1.4.2_03
πŸ“¦
Sun

J2se

= 1.4.2_04
πŸ“¦
Sun

J2se

= 1.4.2_05
πŸ“¦
Sun

J2se

= 1.4.2_06

References & Advisories

πŸ”— http://jouko.iki.fi/adv/ws.html
πŸ”— http://marc.info/?l=full-disclosure&m=111117284323657&w=2
πŸ”— http://secunia.com/advisories/14640
πŸ”— http://sunsolve.sun.com/search/document.do?assetkey=1-26-57740-1
πŸ”— http://sunsolve.sun.com/search/document.do?assetkey=1-66-200255-1
πŸ”— http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000200.1-1
πŸ”— http://www.gentoo.org/security/en/glsa/glsa-200503-28.xml
πŸ”— http://www.novell.com/linux/security/advisories/2005_32_java2.html

Related Vulnerabilities

CVE-2008-311110.0

Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JR...

CVE-2005-04187.5

Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to ga...

CVE-2005-19745.1

Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 and 5.0 Update 1 and J2SE 1.4.2 up to 1.4.2_07, as used ...

CVE-2005-19735.1

Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 Update 1 allows applications to assign permissions to themse...