ID CVE-2005-0836
Summary Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file.
References
Vulnerable Configurations
  • cpe:2.3:a:sun:j2se:1.4.2:*:sdk:*:*:*:*:*
    cpe:2.3:a:sun:j2se:1.4.2:*:sdk:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:1.4.2_01:*:sdk:*:*:*:*:*
    cpe:2.3:a:sun:j2se:1.4.2_01:*:sdk:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:1.4.2_02:*:sdk:*:*:*:*:*
    cpe:2.3:a:sun:j2se:1.4.2_02:*:sdk:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:1.4.2_03:*:sdk:*:*:*:*:*
    cpe:2.3:a:sun:j2se:1.4.2_03:*:sdk:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:1.4.2_04:*:sdk:*:*:*:*:*
    cpe:2.3:a:sun:j2se:1.4.2_04:*:sdk:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:1.4.2_05:*:sdk:*:*:*:*:*
    cpe:2.3:a:sun:j2se:1.4.2_05:*:sdk:*:*:*:*:*
  • cpe:2.3:a:sun:j2se:1.4.2_06:*:sdk:*:*:*:*:*
    cpe:2.3:a:sun:j2se:1.4.2_06:*:sdk:*:*:*:*:*
CVSS
Base: 10.0 (as of 18-10-2016 - 03:15)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 12847
fulldisc 20050318 Java Web Start argument injection vulnerability
gentoo GLSA-200503-28
misc http://jouko.iki.fi/adv/ws.html
secunia 14640
sunalert
  • 1000200
  • 200255
  • 57740
suse SUSE-SA:2005:032
Last major update 18-10-2016 - 03:15
Published 02-05-2005 - 04:00
Back to Top