Sun JRE 1.4.2/1.5.0 拒绝服务漏洞

CVE编号

CVE-2007-2435

利用情况

暂无

补丁情况

N/A

披露时间

2007-05-02

JDK和JRE 5.0 Update 10及更早版本中的Sun Java Web Start，SDK和JRE 1.4.2_13及更早版本中的Java Web Start允许远程攻击者通过向自己授予特权的应用程序执行未经授权的操作，该应用程序涉及“错误使用系统类”，可能与对JNLP文件的支持有关。

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
http://dev2dev.bea.com/pub/advisory/241
http://docs.info.apple.com/article.html?artnum=307177
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://osvdb.org/35483
http://secunia.com/advisories/25069
http://secunia.com/advisories/25283
http://secunia.com/advisories/25413
http://secunia.com/advisories/25474
http://secunia.com/advisories/25832
http://secunia.com/advisories/26311
http://secunia.com/advisories/26369
http://secunia.com/advisories/28115
http://secunia.com/advisories/29858
http://secunia.com/advisories/30780
http://security.gentoo.org/glsa/glsa-200706-08.xml
http://security.gentoo.org/glsa/glsa-200804-28.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1
http://support.avaya.com/elmodocs2/security/ASA-2007-199.htm
http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
http://www.redhat.com/support/errata/RHSA-2007-0817.html
http://www.redhat.com/support/errata/RHSA-2007-0829.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/bid/23728
http://www.securitytracker.com/id?1017986
http://www.vupen.com/english/advisories/2007/1598
http://www.vupen.com/english/advisories/2007/1814
http://www.vupen.com/english/advisories/2007/4224
https://exchange.xforce.ibmcloud.com/vulnerabilities/33984
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...

AV:N/AC:L/Au:N/C:C/I:C/A:C CWE-ID 漏洞类型 CWE-264 权限、特权和访问控制

还没有评论，来说两句吧...