CVE-2007-5238

Java Web Start Information Disclosure in JDK/JRE 6 Update 2 and earlier, 5.0 Update 12 and earlier, 1.4.2_15 and earlier

Description

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities."

References (33)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36946
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25920
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0132.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-1041.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3895
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30676
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29042
Patch third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27693
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_55_java.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29897
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27206
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27804
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200804-28.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29858
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-0963.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0609
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27261
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/482926/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28777
Vendor Advisory vendor-advisory x_refsource_bea
http://dev2dev.bea.com/pub/advisory/272
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30780
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11592
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28880
Patch third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27716
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1856/references
Patch vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018770
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml

Scores

EPSS 0.0105
EPSS Percentile 77.8%

Details

CWE CWE-264
Status published
Products (21)
sun/jdk 1.5.0 update1 (11 CPE variants)
sun/jdk 1.6.0 update1 (2 CPE variants)
sun/jre 1.3.0 (2 CPE variants)
sun/jre 1.3.1 update1 (6 CPE variants)
sun/jre 1.4
sun/jre 1.4.1 update3
sun/jre 1.4.2
sun/jre 1.4.2_1
sun/jre 1.4.2_3
sun/jre 1.4.2_8
... and 11 more
Published Oct 06, 2007
Tracked Since Feb 18, 2026