CVE - CVE-2007-5236

CVE-ID
CVE-2007-5236	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BEA:BEA08-198.00 URL:~~http://dev2dev.bea.com/pub/advisory/272~~ (Obsolete source - check if archived by the Wayback Machine) BID:25920 URL:http://www.securityfocus.com/bid/25920 CONFIRM:http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html CONFIRM:http://www.vmware.com/security/advisories/VMSA-2008-0010.html HP:HPSBUX02284 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 HP:SSRT071483 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 OVAL:oval:org.mitre.oval:def:6115 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6115 SECUNIA:27261 URL:http://secunia.com/advisories/27261 SECUNIA:27693 URL:http://secunia.com/advisories/27693 SECUNIA:27716 URL:http://secunia.com/advisories/27716 SECUNIA:28777 URL:http://secunia.com/advisories/28777 SECUNIA:29042 URL:http://secunia.com/advisories/29042 SECUNIA:29897 URL:http://secunia.com/advisories/29897 SECUNIA:30676 URL:http://secunia.com/advisories/30676 SUNALERT:103073 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1~~ (Obsolete source) SUSE:SUSE-SA:2007:055 URL:http://www.novell.com/linux/security/advisories/2007_55_java.html SUSE:SUSE-SA:2008:025 URL:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html VUPEN:ADV-2007-3895 URL:~~http://www.vupen.com/english/advisories/2007/3895~~ (Obsolete source) VUPEN:ADV-2008-0609 URL:~~http://www.vupen.com/english/advisories/2008/0609~~ (Obsolete source) VUPEN:ADV-2008-1856 URL:~~http://www.vupen.com/english/advisories/2008/1856/references~~ (Obsolete source) XF:javaweb-cache-information-disclosure(36946) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/36946
Assigning CNA
MITRE Corporation
Date Record Created
20071005	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071005)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)