SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Oracle Java Web Start Vendors:   Sun
Java Web Start May Let Remote Users Exploit Old Vulnerabilities
SecurityTracker Alert ID:  1016733
SecurityTracker URL:  http://securitytracker.com/id/1016733
CVE Reference:   CVE-2006-4302   (Links to External Site)
Updated:  Jun 5 2008
Original Entry Date:  Aug 23 2006
Impact:   Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.0, 1.0.1, 1.0.2, 1.2
Description:   A vulnerability was reported in Java Web Start. A remote user may be able to exploit old vulnerabilities.

A remote user can create specially crafted applets and applications that will specify a version of the Java Runtime Environment (JRE) on the target system that does not have the latest security fixes.

Impact:   A remote user can create an applet or application that, when loaded by the target user, can specify an earlier, unpatched version of JRE. This may allow the remote user to exploit ostensibly patched vulnerabilities in JRE.
Solution:   The vendor has issued the following fix:

Java Web Start 5.0 Update 6 and later for Windows, Solaris, and Linux

The Sun advisory is available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1

Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1 (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC