Bug 431861 (CVE-2008-0657) - CVE-2008-0657 java-1.5.0 Privilege escalation via unstrusted applet and application
Summary: CVE-2008-0657 java-1.5.0 Privilege escalation via unstrusted applet and appli...
Alias: CVE-2008-0657
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://sunsolve.sun.com/search/docume...
Whiteboard: impact=important,source=sunsolve,repo...
Keywords: Security
Depends On: 431999 432000 435710 435711 439176 439177 455574 455726
TreeView+ depends on / blocked
Reported: 2008-02-07 14:32 UTC by Marc Schoenefeld
Modified: 2011-09-30 01:10 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2011-09-30 01:10:23 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2008:0123 normal SHIPPED_LIVE Critical: java-1.5.0-sun security update 2008-02-12 09:19:38 UTC
Red Hat Product Errata RHSA-2008:0156 normal SHIPPED_LIVE Moderate: java-1.5.0-bea security update 2008-03-05 10:41:57 UTC
Red Hat Product Errata RHSA-2008:0210 normal SHIPPED_LIVE Critical: java-1.5.0-ibm security update 2008-04-03 16:19:20 UTC
Red Hat Product Errata RHSA-2008:0638 normal SHIPPED_LIVE Low: Red Hat Network Satellite Server IBM Java Runtime security update 2008-08-13 14:19:37 UTC

Description Marc Schoenefeld 2008-02-07 14:32:03 UTC
Sun disclosed these vulnerability details in 
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231261-1 : 

Two vulnerabilities in the Java Runtime Environment may independently allow an
untrusted application or applet that is downloaded from a website to elevate its
privileges. For example, the application or applet may grant itself permissions
to read and write local files or execute local applications that are accessible
to the user running the untrusted application or applet.

Comment 1 Marc Schoenefeld 2008-02-07 14:35:05 UTC

* JDK and JRE 6 Update 1 or earlier 
* JDK and JRE 5.0 Update 13 or earlier (

Note You need to log in before you can comment on or make changes to this bug.