Vulnerabilities > CVE-2005-0418 - Unspecified vulnerability in SUN J2Se

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

sun

NVD

Published: 2005-05-02

Updated: 2008-09-05

Summary

Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836.

Vulnerable Configurations

Part	Description	Count
Application	Sun SUN J2Se 1.4.2 SUN J2Se 1.4.2_01 SUN J2Se 1.4.2_02 SUN J2Se 1.4.2_03 SUN J2Se 1.4.2_04 SUN J2Se 1.4.2_05 SUN J2Se 1.4.2_06	7

References

http://lists.apple.com/archives/security-announce/2005/Mar/msg00001.html