Red Hat Bugzilla – Bug 474792
CVE-2008-5344 Java WebStart unprivileged local file and network access
Last modified: 2013-04-11 16:55:34 EDT
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in
with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update
16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted
applets to read arbitrary files and make unauthorized network
connections via unknown vectors related to applet classloading.
Another mention of this issue:
Red Hat advisory RHSA-2009-0015 states that this bug is fixed:
Suprisingly, this bug (and bug 474556 and bug 474772) and in state NEW, not ERRATA.
This issue has been addressed in following products:
Extras for RHEL 3
Extras for RHEL 4
Extras for Red Hat Enterprise Linux 5
Via RHSA-2009:0445 https://rhn.redhat.com/errata/RHSA-2009-0445.html