Bug 469953 - (CVE-2008-4910) CVE-2008-4910 Java Web Start Arbitrary File Execution via file URL
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
Whiteboard: source=cve,public=20081103,reported=2...
Keywords: Security
Reported: 2008-11-04 16:16 EST by Marc Schoenefeld
Modified: 2010-12-27 04:40 EST
Doc Type: Bug Fix
Last Closed: 2010-12-27 04:40:02 EST

Description Marc Schoenefeld 2008-11-04 16:16:01 EST
"The JNLP BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method."
Comment 6 Vincent Danen 2010-12-23 19:26:35 EST
References:

http://www.securityfocus.com/archive/1/archive/1/497799/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/497972/100/0/threaded
http://www.securityfocus.com/bid/31916
http://securityreason.com/securityalert/4542
http://xforce.iss.net/xforce/xfdb/46119 

I see no point in keeping this bug private.  The CVE is public, and it does not look as though Sun has addressed it (or if they have, they haven't mentioned it).
