431861 – (CVE-2008-0657) CVE-2008-0657 java-1.5.0 Privilege escalation via unstrusted applet and application

Bug 431861 (CVE-2008-0657) - CVE-2008-0657 java-1.5.0 Privilege escalation via unstrusted applet and application

Summary: CVE-2008-0657 java-1.5.0 Privilege escalation via unstrusted applet and appli...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2008-0657
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:	http://sunsolve.sun.com/search/docume...
Whiteboard:
Depends On:	431999 432000 435710 435711 439176 439177 455574 455726
Blocks:
TreeView+	depends on / blocked

Reported:	2008-02-07 14:32 UTC by Marc Schoenefeld
Modified:	2019-09-29 12:23 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2011-09-30 01:10:23 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2008:0123	normal	SHIPPED_LIVE	Critical: java-1.5.0-sun security update	2008-02-12 09:19:38 UTC
Red Hat Product Errata	RHSA-2008:0156	normal	SHIPPED_LIVE	Moderate: java-1.5.0-bea security update	2008-03-05 10:41:57 UTC
Red Hat Product Errata	RHSA-2008:0210	normal	SHIPPED_LIVE	Critical: java-1.5.0-ibm security update	2008-04-03 16:19:20 UTC
Red Hat Product Errata	RHSA-2008:0638	normal	SHIPPED_LIVE	Low: Red Hat Network Satellite Server IBM Java Runtime security update	2008-08-13 14:19:37 UTC

Description Marc Schoenefeld 2008-02-07 14:32:03 UTC

Sun disclosed these vulnerability details in 
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231261-1 : 

Two vulnerabilities in the Java Runtime Environment may independently allow an
untrusted application or applet that is downloaded from a website to elevate its
privileges. For example, the application or applet may grant itself permissions
to read and write local files or execute local applications that are accessible
to the user running the untrusted application or applet.

Comment 1 Marc Schoenefeld 2008-02-07 14:35:05 UTC

Affected: 

* JDK and JRE 6 Update 1 or earlier 
* JDK and JRE 5.0 Update 13 or earlier (

Note You need to log in before you can comment on or make changes to this bug.