CyberSec.Space Logo
Back to CVE Browser

CVE-2007-2435

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1470%
EPSS Percentile22.72th
PublishedMay 2, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.

Affected Platforms (CPE)

πŸ“¦
Sun

Java Enterprise System

<= 5.0
πŸ“¦
Sun

Jre

<= 1.4.2
πŸ“¦
Sun

Jre

<= 1.5.0
πŸ“¦
Sun

Sdk

<= 1.4.3_13

References & Advisories

πŸ”— http://dev2dev.bea.com/pub/advisory/241
πŸ”— http://docs.info.apple.com/article.html?artnum=307177
πŸ”— http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
πŸ”— http://osvdb.org/35483
πŸ”— http://secunia.com/advisories/25069
πŸ”— http://secunia.com/advisories/25283
πŸ”— http://secunia.com/advisories/25413
πŸ”— http://secunia.com/advisories/25474

Related Vulnerabilities

CVE-2011-080710.0

Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server ...

CVE-2008-27059.3

Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Di...

CVE-2020-128738.8

An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker ...

CVE-2021-288208.8

The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.'s TIBCO...