Vulnerability Details : CVE-2007-2435

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.

Published 2007-05-02 10:19:00

Updated 2017-10-11 01:32:13

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2007-2435

Probability of exploitation activity in the next 30 days: 1.94%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-2435

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2007-2435

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-2435

Products affected by CVE-2007-2435

SUN » JRE » Update Update10
Versions up to, including, (<=) 1.5.0
cpe:2.3:a:sun:jre:*:update10:*:*:*:*:*:*
Matching versions
SUN » JRE » Update Update13
Versions up to, including, (<=) 1.4.2
cpe:2.3:a:sun:jre:*:update13:*:*:*:*:*:*
Matching versions
SUN » SDK
Versions up to, including, (<=) 1.4.3_13
cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:*
Matching versions
SUN » Java Enterprise System » Update Update10
Versions up to, including, (<=) 5.0
cpe:2.3:a:sun:java_enterprise_system:*:update10:*:*:*:*:*:*
Matching versions