CVE-2007-2435 : Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.

Published 2007-05-02 10:19:00

Updated 2017-10-11 01:32:13

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2007-2435

SUN » JRE » Update Update10
Versions up to, including, (<=) 1.5.0
cpe:2.3:a:sun:jre:*:update10:*:*:*:*:*:*
Matching versions
SUN » JRE » Update Update13
Versions up to, including, (<=) 1.4.2
cpe:2.3:a:sun:jre:*:update13:*:*:*:*:*:*
Matching versions
SUN » SDK
Versions up to, including, (<=) 1.4.3_13
cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:*
Matching versions
SUN » Java Enterprise System » Update Update10
Versions up to, including, (<=) 5.0
cpe:2.3:a:sun:java_enterprise_system:*:update10:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-2435

EPSS FAQ

3.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 86 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-2435

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2007-2435

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-2435

Jump to

Vulnerability Details : CVE-2007-2435

Products affected by CVE-2007-2435

Exploit prediction scoring system (EPSS) score for CVE-2007-2435

CVSS scores for CVE-2007-2435

CWE ids for CVE-2007-2435

References for CVE-2007-2435