CVEブラウザに戻る

CVE-2007-2435

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1470%

EPSS Percentile22.72th

Published2007年5月2日

Last Modified2026年4月23日

Vulnerability Description

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.

Affected Platforms (CPE)

📦

Sun

Java Enterprise System

<= 5.0

📦

Sun

Jre

<= 1.4.2

📦

Sun

Jre

<= 1.5.0

📦

Sun

Sdk

<= 1.4.3_13

References & Advisories

🔗 http://dev2dev.bea.com/pub/advisory/241

🔗 http://docs.info.apple.com/article.html?artnum=307177

🔗 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

🔗 http://osvdb.org/35483

🔗 http://secunia.com/advisories/25069

🔗 http://secunia.com/advisories/25283

🔗 http://secunia.com/advisories/25413

🔗 http://secunia.com/advisories/25474

関連する脆弱性情報

CVE-2011-080710.0

Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server ...

CVE-2008-27059.3

Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Di...

CVE-2020-128738.8

An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker ...

CVE-2021-288208.8

The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.'s TIBCO...