Bug 436299 (CVE-2008-1195)

Summary: CVE-2008-1195 Java-API calls in untrusted Javascript allow network privilege escalation
Product: [Other] Security Response
Reporter: Marc Schoenefeld <mschoene>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: high
Priority: high
Version: unspecified
CC: kreilly, kseifried
Target Milestone: ---
Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-233326-1
Doc Type: Bug Fix
Last Closed: 2011-09-30 01:13:22 UTC
Bug Depends On: 436304, 436305, 439176, 439177, 444749, 455574, 455726    

Description Marc Schoenefeld 2008-03-06 13:05:32 UTC
A vulnerability in the Java Runtime Environment may allow JavaScript code that
is downloaded by a browser to make connections to network services on the system
that the browser runs on, through Java APIs. This may allow files (that are
accessible through these network services) or vulnerabilities (that exist on
these network services) which are not otherwise normally accessible to be
accessed or exploited.