CVE-2007-2435

Currently unrated

Key Information:

Vendor: Oracle
Status: Sdk; Jre; Java Enterprise System
Vendor: CVE Published:; 2 May 2007

Summary

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.

References

http://docs.info.apple.com/article.html?artnum=307177

x_refsource_MISC

http://dev2dev.bea.com/pub/advisory/241

vendor-advisoryx_refsource_BEA

http://www.securityfocus.com/bid/23728

vdb-entryx_refsource_BID

Timeline

Vulnerability published
May 2, 2007
Vulnerability Reserved
May 1, 2007