Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka three vulnerabilities.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jdk | Sun | 1.5.0-update1 (including) | 1.5.0-update1 (including) |
| Jdk | Sun | 1.5.0-update10 (including) | 1.5.0-update10 (including) |
| Jdk | Sun | 1.5.0-update11 (including) | 1.5.0-update11 (including) |
| Jdk | Sun | 1.5.0-update12 (including) | 1.5.0-update12 (including) |
| Jdk | Sun | 1.5.0-update2 (including) | 1.5.0-update2 (including) |
| Jdk | Sun | 1.5.0-update3 (including) | 1.5.0-update3 (including) |
| Jdk | Sun | 1.5.0-update4 (including) | 1.5.0-update4 (including) |
| Jdk | Sun | 1.5.0-update5 (including) | 1.5.0-update5 (including) |
| Jdk | Sun | 1.5.0-update7 (including) | 1.5.0-update7 (including) |
| Jdk | Sun | 1.5.0-update8 (including) | 1.5.0-update8 (including) |
| Jdk | Sun | 1.5.0-update9 (including) | 1.5.0-update9 (including) |
| Jdk | Sun | 1.6.0-update1 (including) | 1.6.0-update1 (including) |
| Jdk | Sun | 1.6.0-update2 (including) | 1.6.0-update2 (including) |
| Jre | Sun | 1.3.0 (including) | 1.3.0 (including) |
| Jre | Sun | 1.3.0-update5 (including) | 1.3.0-update5 (including) |
| Jre | Sun | 1.3.1-update1 (including) | 1.3.1-update1 (including) |
| Jre | Sun | 1.3.1-update16 (including) | 1.3.1-update16 (including) |
| Jre | Sun | 1.3.1-update18 (including) | 1.3.1-update18 (including) |
| Jre | Sun | 1.3.1-update19 (including) | 1.3.1-update19 (including) |
| Jre | Sun | 1.3.1-update1a (including) | 1.3.1-update1a (including) |
| Jre | Sun | 1.3.1-update20 (including) | 1.3.1-update20 (including) |
| Jre | Sun | 1.4 (including) | 1.4 (including) |
| Jre | Sun | 1.4.1-update3 (including) | 1.4.1-update3 (including) |
| Jre | Sun | 1.4.2 (including) | 1.4.2 (including) |
| Jre | Sun | 1.4.2_1 (including) | 1.4.2_1 (including) |
| Jre | Sun | 1.4.2_3 (including) | 1.4.2_3 (including) |
| Jre | Sun | 1.4.2_8 (including) | 1.4.2_8 (including) |
| Jre | Sun | 1.4.2_9 (including) | 1.4.2_9 (including) |
| Jre | Sun | 1.4.2_10 (including) | 1.4.2_10 (including) |
| Jre | Sun | 1.4.2_11 (including) | 1.4.2_11 (including) |
| Jre | Sun | 1.4.2_12 (including) | 1.4.2_12 (including) |
| Jre | Sun | 1.4.2_13 (including) | 1.4.2_13 (including) |
| Jre | Sun | 1.4.2_14 (including) | 1.4.2_14 (including) |
| Jre | Sun | 1.4.2_15 (including) | 1.4.2_15 (including) |
| Jre | Sun | 1.5.0-update1 (including) | 1.5.0-update1 (including) |
| Jre | Sun | 1.5.0-update10 (including) | 1.5.0-update10 (including) |
| Jre | Sun | 1.5.0-update11 (including) | 1.5.0-update11 (including) |
| Jre | Sun | 1.5.0-update12 (including) | 1.5.0-update12 (including) |
| Jre | Sun | 1.5.0-update2 (including) | 1.5.0-update2 (including) |
| Jre | Sun | 1.5.0-update3 (including) | 1.5.0-update3 (including) |
| Jre | Sun | 1.5.0-update4 (including) | 1.5.0-update4 (including) |
| Jre | Sun | 1.5.0-update5 (including) | 1.5.0-update5 (including) |
| Jre | Sun | 1.5.0-update6 (including) | 1.5.0-update6 (including) |
| Jre | Sun | 1.5.0-update7 (including) | 1.5.0-update7 (including) |
| Jre | Sun | 1.5.0-update8 (including) | 1.5.0-update8 (including) |
| Jre | Sun | 1.5.0-update9 (including) | 1.5.0-update9 (including) |
| Jre | Sun | 1.6.0-update_1 (including) | 1.6.0-update_1 (including) |
| Jre | Sun | 1.6.0-update_2 (including) | 1.6.0-update_2 (including) |
| Sdk | Sun | 1.3.1_01 (including) | 1.3.1_01 (including) |
| Sdk | Sun | 1.3.1_01a (including) | 1.3.1_01a (including) |
| Sdk | Sun | 1.3.1_16 (including) | 1.3.1_16 (including) |
| Sdk | Sun | 1.3.1_18 (including) | 1.3.1_18 (including) |
| Sdk | Sun | 1.3.1_19 (including) | 1.3.1_19 (including) |
| Sdk | Sun | 1.3.1_20 (including) | 1.3.1_20 (including) |
| Sdk | Sun | 1.4.2 (including) | 1.4.2 (including) |
| Sdk | Sun | 1.4.2_03 (including) | 1.4.2_03 (including) |
| Sdk | Sun | 1.4.2_08 (including) | 1.4.2_08 (including) |
| Sdk | Sun | 1.4.2_09 (including) | 1.4.2_09 (including) |
| Sdk | Sun | 1.4.2_10 (including) | 1.4.2_10 (including) |
| Sdk | Sun | 1.4.2_11 (including) | 1.4.2_11 (including) |
| Sdk | Sun | 1.4.2_12 (including) | 1.4.2_12 (including) |
| Sdk | Sun | 1.4.2_13 (including) | 1.4.2_13 (including) |
| Sdk | Sun | 1.4.2_14 (including) | 1.4.2_14 (including) |
| Sdk | Sun | 1.4.2_15 (including) | 1.4.2_15 (including) |
| Extras for RHEL 3 | RedHat | java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 | * |
| Extras for RHEL 4 | RedHat | java-1.5.0-sun-0:1.5.0.13-1jpp.1.el4 | * |
| Extras for RHEL 4 | RedHat | java-1.5.0-ibm-1:1.5.0.6-1jpp.2.el4 | * |
| Extras for RHEL 4 | RedHat | java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 | * |
| Supplementary for Red Hat Enterprise Linux 5 | RedHat | java-1.5.0-sun-0:1.5.0.13-1jpp.1.el5 | * |
| Supplementary for Red Hat Enterprise Linux 5 | RedHat | java-1.5.0-ibm-1:1.5.0.6-1jpp.1.el5 | * |
| Supplementary for Red Hat Enterprise Linux 5 | RedHat | java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el5 | * |
| Sun-java5 | Ubuntu | dapper | * |
| Sun-java5 | Ubuntu | edgy | * |
| Sun-java5 | Ubuntu | feisty | * |
| Sun-java5 | Ubuntu | gutsy | * |
| Sun-java5 | Ubuntu | hardy | * |
| Sun-java5 | Ubuntu | intrepid | * |
| Sun-java5 | Ubuntu | jaunty | * |
| Sun-java5 | Ubuntu | upstream | * |
| Sun-java6 | Ubuntu | devel | * |
| Sun-java6 | Ubuntu | feisty | * |
| Sun-java6 | Ubuntu | gutsy | * |
| Sun-java6 | Ubuntu | hardy | * |
| Sun-java6 | Ubuntu | intrepid | * |
| Sun-java6 | Ubuntu | jaunty | * |
| Sun-java6 | Ubuntu | karmic | * |
| Sun-java6 | Ubuntu | upstream | * |