| ID |
CVE-2005-0836
|
| Summary |
Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:sun:j2se:1.4.2:*:sdk:*:*:*:*:*
cpe:2.3:a:sun:j2se:1.4.2:*:sdk:*:*:*:*:*
-
cpe:2.3:a:sun:j2se:1.4.2_01:*:sdk:*:*:*:*:*
cpe:2.3:a:sun:j2se:1.4.2_01:*:sdk:*:*:*:*:*
-
cpe:2.3:a:sun:j2se:1.4.2_02:*:sdk:*:*:*:*:*
cpe:2.3:a:sun:j2se:1.4.2_02:*:sdk:*:*:*:*:*
-
cpe:2.3:a:sun:j2se:1.4.2_03:*:sdk:*:*:*:*:*
cpe:2.3:a:sun:j2se:1.4.2_03:*:sdk:*:*:*:*:*
-
cpe:2.3:a:sun:j2se:1.4.2_04:*:sdk:*:*:*:*:*
cpe:2.3:a:sun:j2se:1.4.2_04:*:sdk:*:*:*:*:*
-
cpe:2.3:a:sun:j2se:1.4.2_05:*:sdk:*:*:*:*:*
cpe:2.3:a:sun:j2se:1.4.2_05:*:sdk:*:*:*:*:*
-
cpe:2.3:a:sun:j2se:1.4.2_06:*:sdk:*:*:*:*:*
cpe:2.3:a:sun:j2se:1.4.2_06:*:sdk:*:*:*:*:*
|
| CVSS |
| Base: | 10.0 (as of 18-10-2016 - 03:15) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| refmap
via4
|
| bid | 12847 | | fulldisc | 20050318 Java Web Start argument injection vulnerability | | gentoo | GLSA-200503-28 | | misc | http://jouko.iki.fi/adv/ws.html | | secunia | 14640 | | sunalert | | | suse | SUSE-SA:2005:032 |
|
| Last major update |
18-10-2016 - 03:15 |
| Published |
02-05-2005 - 04:00 |
| Last modified |
18-10-2016 - 03:15 |
