CVE-2007-5238

Severity

26%

Complexity

49%

Confidentiality

48%

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities."

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities."

CVSS 2.0 Base Score 2.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N).

Overview

First reported 17 years ago

2007-10-06 00:17:00

Last updated 6 years ago

2018-10-30 16:26:00

Affected Software

Sun JDK 5.0 Update1

1.5.0

Sun JDK 5.0 Update10

1.5.0

Sun JDK 5.0 Update11

1.5.0

Sun JDK 5.0 Update12

1.5.0

Sun JDK 5.0 Update2

1.5.0

Sun JDK 5.0 Update3

1.5.0

Sun JDK 5.0 Update4

1.5.0

Sun JDK 5.0 Update5

1.5.0

Sun JDK 5.0 Update7

1.5.0

Sun JDK 5.0 Update8

1.5.0

Sun JDK 5.0 Update9

1.5.0

Sun JDK 6 Update 1

1.6.0

Sun JDK 6 Update 2

1.6.0

Sun J2RE 1.3.0

1.3.0

Sun J2RE 1.3.0_05

1.3.0

Sun JRE 1.3.1_01

1.3.1

Sun JRE 1.3.1_16

1.3.1

Sun JRE 1.3.1_18

1.3.1

Sun JRE 1.3.1_19

1.3.1

Sun JRE 1.3.1_01a

1.3.1

Sun JRE 1.3.1_20

1.3.1

JRE 1.4.1_03

1.4.1

Sun JRE 1.4.2

1.4.2

Sun JRE 1.4.2_1

1.4.2_1

Sun JRE 1.4.2_3

1.4.2_3

Sun JRE 1.4.2_8

1.4.2_8

Sun JRE 1.4.2_9

1.4.2_9

Sun JRE 1.4.2_10

1.4.2_10

Sun JRE 1.4.2_11

1.4.2_11

Sun JRE 1.4.2_12

1.4.2_12

Sun JRE 1.4.2_13

1.4.2_13

Sun JRE 1.4.2_14

1.4.2_14

Sun JRE 1.4.2_15

1.4.2_15

Sun JRE 1.5.0_1 (JRE 5.0 Update 1)

1.5.0

Sun JRE 1.5.0_10 (JRE 5.0 Update 10)

1.5.0

Sun JRE 1.5.0_11 (JRE 5.0 Update 11)

1.5.0

Sun JRE 1.5.0_12 (JRE 5.0 Update 12)

1.5.0

Sun JRE 1.5.0_2 (JRE 5.0 Update 2)

1.5.0

Sun JRE 1.5.0_3 (JRE 5.0 Update 3)

1.5.0

Sun JRE 1.5.0_4 (JRE 5.0 Update 4)

1.5.0

Sun JRE 1.5.0_5 (JRE 5.0 Update 5)

1.5.0

Sun JRE 1.5.0_6 (JRE 5.0 Update 6)

1.5.0

Sun JRE 1.5.0_7 (JRE 5.0 Update 7)

1.5.0

Sun JRE 1.5.0_8 (JRE 5.0 Update 8)

1.5.0

Sun JRE 1.5.0_9 (JRE 5.0 Update 9)

1.5.0

Sun JRE 1.6.0 Update 1

1.6.0

Sun JRE 1.6.0 Update 2

1.6.0

Sun SDK 1.3.1_01

1.3.1_01

Sun SDK 1.3.1_01a

1.3.1_01a

Sun SDK 1.3.1_16

1.3.1_16

Sun SDK 1.3.1_18

1.3.1_18

Sun SDK 1.3.1_19

1.3.1_19

Sun SDK 1.3.1_20

1.3.1_20

SDK 1.4.2

1.4.2

SDK 1.4.2_03

1.4.2_03

Sun SDK 1.4.2_08

1.4.2_08

Sun SDK 1.4.2_09

1.4.2_09

Sun SDK 1.4.2_10

1.4.2_10

Sun SDK 1.4.2_11

1.4.2_11

Sun SDK 1.4.2_12

1.4.2_12

Sun SDK 1.4.2_13

1.4.2_13

Sun SDK 1.4.2_14

1.4.2_14

Sun SDK 1.4.2_15

1.4.2_15

References

BEA08-198.00

HPSBUX02284

SUSE-SA:2008:025

27206

27261

27693

Patch

27716

Patch

27804

28777

28880

29042

29858

29897

30676

30780

GLSA-200804-28

103073

Patch

http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html

GLSA-200804-20

GLSA-200806-11

SUSE-SA:2007:055

RHSA-2007:0963

RHSA-2007:1041

RHSA-2008:0132

20071029 FLEA-2007-0061-1 sun-jre sun-jdk

25920

1018770

http://www.vmware.com/security/advisories/VMSA-2008-0010.html

ADV-2007-3895

ADV-2008-0609

ADV-2008-1856

javaweb-cache-information-disclosure(36946)

oval:org.mitre.oval:def:11592

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.