Bug 431861 (CVE-2008-0657)

Summary: CVE-2008-0657 java-1.5.0 Privilege escalation via untrusted applet and application
Product: [Other] Security Response
Reporter: Marc Schoenefeld <mschoene>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: high
Priority: high
Version: unspecified
CC: kreilly, kseifried
Keywords: Security
Hardware: All
OS: Linux
URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-231261-1
Doc Type: Bug Fix
Last Closed: 2011-09-30 01:10:23 UTC
Bug Depends On: 431999, 432000, 435710, 435711, 439176, 439177, 455574, 455726

Description Marc Schoenefeld 2008-02-07 14:32:03 UTC
Sun disclosed these vulnerability details in 
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231261-1 : 

Two vulnerabilities in the Java Runtime Environment may independently allow an
untrusted application or applet that is downloaded from a website to elevate its
privileges. For example, the application or applet may grant itself permissions
to read and write local files or execute local applications that are accessible
to the user running the untrusted application or applet.

Comment 1 Marc Schoenefeld 2008-02-07 14:35:05 UTC
Affected: 

* JDK and JRE 6 Update 1 or earlier 
* JDK and JRE 5.0 Update 13 or earlier (