CVE-2007-5237 - OpenCVE

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact None

AV:N/AC:H/Au:N/C:C/I:C/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Sun	Jdk Jre

Configuration 1 [-]

OR	cpe:2.3:a:sun:jdk::update2::::::*
	cpe:2.3:a:sun:jre::update1::::::*
	cpe:2.3:a:sun:jre::update2::::::*

References

Link	Resource
http://dev2dev.bea.com/pub/advisory/272
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533
http://secunia.com/advisories/27261
http://secunia.com/advisories/27693
http://secunia.com/advisories/29042
http://secunia.com/advisories/29858
http://secunia.com/advisories/30676
http://secunia.com/advisories/30780
http://security.gentoo.org/glsa/glsa-200804-28.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1	Patch
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
http://www.novell.com/linux/security/advisories/2007_55_java.html
http://www.securityfocus.com/bid/25920
http://www.securitytracker.com/id?1018770
http://www.vmware.com/security/advisories/VMSA-2008-0010.html
http://www.vupen.com/english/advisories/2007/3895
http://www.vupen.com/english/advisories/2008/0609
http://www.vupen.com/english/advisories/2008/1856/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/36946
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5899

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-06T00:00:00

Updated: 2017-09-28T12:57:01

Reserved: 2007-10-05T00:00:00

Link: CVE-2007-5237

JSON object: View

NVD Information

Status : Modified

Published: 2007-10-06T00:17:00.000

Modified: 2017-09-29T01:29:31.940

Link: CVE-2007-5237

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-03T00:00:00", "descriptions": [{"lang": "en", "value": "Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka \"two vulnerabilities.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2007-3895", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3895"}, {"name": "30676", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30676"}, {"name": "29042", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29042"}, {"name": "oval:org.mitre.oval:def:5899", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5899"}, {"name": "27693", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27693"}, {"name": "SUSE-SA:2007:055", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_55_java.html"}, {"name": "javaweb-cache-information-disclosure(36946)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36946"}, {"name": "GLSA-200804-28", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"}, {"name": "HPSBUX02284", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"}, {"name": "29858", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29858"}, {"name": "ADV-2008-0609", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0609"}, {"name": "27261", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27261"}, {"name": "SSRT071483", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"}, {"name": "BEA08-198.00", "tags": ["vendor-advisory", "x_refsource_BEA"], "url": "http://dev2dev.bea.com/pub/advisory/272"}, {"name": "30780", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30780"}, {"name": "25920", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25920"}, {"name": "ADV-2008-1856", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1856/references"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"}, {"name": "103073", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1"}, {"name": "1018770", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018770"}, {"name": "GLSA-200804-20", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"}, {"name": "GLSA-200806-11", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5237", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka \"two vulnerabilities.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2007-3895", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3895"}, {"name": "30676", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30676"}, {"name": "29042", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29042"}, {"name": "oval:org.mitre.oval:def:5899", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5899"}, {"name": "27693", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27693"}, {"name": "SUSE-SA:2007:055", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_55_java.html"}, {"name": "javaweb-cache-information-disclosure(36946)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36946"}, {"name": "GLSA-200804-28", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"}, {"name": "HPSBUX02284", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"}, {"name": "29858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29858"}, {"name": "ADV-2008-0609", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0609"}, {"name": "27261", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27261"}, {"name": "SSRT071483", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"}, {"name": "BEA08-198.00", "refsource": "BEA", "url": "http://dev2dev.bea.com/pub/advisory/272"}, {"name": "30780", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30780"}, {"name": "25920", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25920"}, {"name": "ADV-2008-1856", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1856/references"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"}, {"name": "103073", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1"}, {"name": "1018770", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018770"}, {"name": "GLSA-200804-20", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"}, {"name": "GLSA-200806-11", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5237", "datePublished": "2007-10-06T00:00:00", "dateReserved": "2007-10-05T00:00:00", "dateUpdated": "2017-09-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:jdk:*:update2:*:*:*:*:*:*", "matchCriteriaId": "03E4E4BB-0526-42F9-9649-F10AEB4EBFE5", "versionEndIncluding": "1.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:*:update1:*:*:*:*:*:*", "matchCriteriaId": "2CE4D7F3-A393-40E7-A08D-60527A1658DA", "versionEndIncluding": "1.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:jre:*:update2:*:*:*:*:*:*", "matchCriteriaId": "D64D8A64-7079-403A-81BF-9D518E4A7752", "versionEndIncluding": "1.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka \"two vulnerabilities.\""}, {"lang": "es", "value": "Java Web Start in Sun JDK and JRE 6 Update 2 y anteriores no hace cumplir las restricciones de acceso para aplicaciones no confiables, lo cual permite a atacantes remotos con la intervenci\u00f3n del usuario leer y modificar archivos locales a trav\u00e9s de aplicaciones no confiables, tambi\u00e9n conocido como \"dos vulnerabilidades\"."}], "id": "CVE-2007-5237", "lastModified": "2017-09-29T01:29:31.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-10-06T00:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://dev2dev.bea.com/pub/advisory/272"}, {"source": "cve@mitre.org", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27261"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27693"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29042"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29858"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/30676"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/30780"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_55_java.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25920"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018770"}, {"source": "cve@mitre.org", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3895"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0609"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1856/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36946"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5899"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. These issues did not affect the versions of Sun JDK as shipped with Red Hat Enterprise Linux Extras 4 or 5.", "lastModified": "2007-10-08T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}