Release DateDec 20, 2005 |
Severitycritical |
ImpactSecurity Bypass: Remote attackers can bypass security checking of vulnerable systems. |
DescriptionThis indicates an attempt to exploit a Security Bypass vulnerability inJava Web Start. The vulnerability is caused by an error when the vulnerable software handles the "jnlp" file with a malicious property. It allows a remote attacker to bypass the java security policy by sending a crafted "jnlp" file. |
Affected ProductsSun Java Web Start 1.2, Sun Java 2 Runtime Environment 1.4.2 _06 and runtime JAVA earlier versions. |
Recommended ActionsApply patch,available from the web site.Sun Java 2 Runtime Environment 1.3 _05 Sun J2SE 5.0 (1.5.0) Update 2 http://java.sun.com/j2se/1.5.0/index.jsp Sun J2SE 1.4.2 http://java.sun.com/j2se/1.4.2/download.html |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2005-0836 |
Reference/shttp://www.securityfocus.com/bid/12847 (BugTraq) |
