CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2005-0836

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0980%
EPSS Percentile21.77th
Published2005年5月2日
Last Modified2026年4月16日

Vulnerability Description

Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file.

Affected Platforms (CPE)

📦
Sun

J2se

= 1.4.2
📦
Sun

J2se

= 1.4.2_01
📦
Sun

J2se

= 1.4.2_02
📦
Sun

J2se

= 1.4.2_03
📦
Sun

J2se

= 1.4.2_04
📦
Sun

J2se

= 1.4.2_05
📦
Sun

J2se

= 1.4.2_06

References & Advisories

🔗 http://jouko.iki.fi/adv/ws.html
🔗 http://marc.info/?l=full-disclosure&m=111117284323657&w=2
🔗 http://secunia.com/advisories/14640
🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57740-1
🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200255-1
🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000200.1-1
🔗 http://www.gentoo.org/security/en/glsa/glsa-200503-28.xml
🔗 http://www.novell.com/linux/security/advisories/2005_32_java2.html

相關漏洞威脅

CVE-2008-311110.0

Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JR...

CVE-2005-04187.5

Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to ga...

CVE-2005-19745.1

Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 and 5.0 Update 1 and J2SE 1.4.2 up to 1.4.2_07, as used ...

CVE-2005-19735.1

Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 Update 1 allows applications to assign permissions to themse...