The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jdk | Sun | * | 1.6.0 (including) |
| Jdk | Sun | 1.5.0-update1 (including) | 1.5.0-update1 (including) |
| Jdk | Sun | 1.5.0-update10 (including) | 1.5.0-update10 (including) |
| Jdk | Sun | 1.5.0-update11 (including) | 1.5.0-update11 (including) |
| Jdk | Sun | 1.5.0-update12 (including) | 1.5.0-update12 (including) |
| Jdk | Sun | 1.5.0-update2 (including) | 1.5.0-update2 (including) |
| Jdk | Sun | 1.5.0-update3 (including) | 1.5.0-update3 (including) |
| Jdk | Sun | 1.5.0-update4 (including) | 1.5.0-update4 (including) |
| Jdk | Sun | 1.5.0-update5 (including) | 1.5.0-update5 (including) |
| Jdk | Sun | 1.5.0-update7 (including) | 1.5.0-update7 (including) |
| Jdk | Sun | 1.5.0-update8 (including) | 1.5.0-update8 (including) |
| Jdk | Sun | 1.5.0-update9 (including) | 1.5.0-update9 (including) |
| Jdk | Sun | 1.6.0-update1 (including) | 1.6.0-update1 (including) |
| Jre | Sun | * | 1.3.1 (including) |
| Jre | Sun | * | 1.4.2 (including) |
| Jre | Sun | * | 1.5.0 (including) |
| Jre | Sun | 1.3.0 (including) | 1.3.0 (including) |
| Jre | Sun | 1.3.0-update5 (including) | 1.3.0-update5 (including) |
| Jre | Sun | 1.3.1-update1 (including) | 1.3.1-update1 (including) |
| Jre | Sun | 1.3.1-update16 (including) | 1.3.1-update16 (including) |
| Jre | Sun | 1.3.1-update18 (including) | 1.3.1-update18 (including) |
| Jre | Sun | 1.3.1-update19 (including) | 1.3.1-update19 (including) |
| Jre | Sun | 1.3.1-update1a (including) | 1.3.1-update1a (including) |
| Jre | Sun | 1.4 (including) | 1.4 (including) |
| Jre | Sun | 1.4.1-update3 (including) | 1.4.1-update3 (including) |
| Jre | Sun | 1.4.2 (including) | 1.4.2 (including) |
| Jre | Sun | 1.4.2_1 (including) | 1.4.2_1 (including) |
| Jre | Sun | 1.4.2_3 (including) | 1.4.2_3 (including) |
| Jre | Sun | 1.4.2_8 (including) | 1.4.2_8 (including) |
| Jre | Sun | 1.4.2_9 (including) | 1.4.2_9 (including) |
| Jre | Sun | 1.4.2_10 (including) | 1.4.2_10 (including) |
| Jre | Sun | 1.4.2_11 (including) | 1.4.2_11 (including) |
| Jre | Sun | 1.4.2_12 (including) | 1.4.2_12 (including) |
| Jre | Sun | 1.4.2_13 (including) | 1.4.2_13 (including) |
| Jre | Sun | 1.4.2_14 (including) | 1.4.2_14 (including) |
| Jre | Sun | 1.5.0-update1 (including) | 1.5.0-update1 (including) |
| Jre | Sun | 1.5.0-update10 (including) | 1.5.0-update10 (including) |
| Jre | Sun | 1.5.0-update11 (including) | 1.5.0-update11 (including) |
| Jre | Sun | 1.5.0-update2 (including) | 1.5.0-update2 (including) |
| Jre | Sun | 1.5.0-update3 (including) | 1.5.0-update3 (including) |
| Jre | Sun | 1.5.0-update4 (including) | 1.5.0-update4 (including) |
| Jre | Sun | 1.5.0-update5 (including) | 1.5.0-update5 (including) |
| Jre | Sun | 1.5.0-update6 (including) | 1.5.0-update6 (including) |
| Jre | Sun | 1.5.0-update7 (including) | 1.5.0-update7 (including) |
| Jre | Sun | 1.5.0-update8 (including) | 1.5.0-update8 (including) |
| Jre | Sun | 1.5.0-update9 (including) | 1.5.0-update9 (including) |
| Jre | Sun | 1.6.0-update_1 (including) | 1.6.0-update_1 (including) |
| Jre | Sun | 1.6.0-update_2 (including) | 1.6.0-update_2 (including) |
| Sdk | Sun | * | 1.4.2_15 (including) |
| Sdk | Sun | 1.3.1_01 (including) | 1.3.1_01 (including) |
| Sdk | Sun | 1.3.1_01a (including) | 1.3.1_01a (including) |
| Sdk | Sun | 1.3.1_16 (including) | 1.3.1_16 (including) |
| Sdk | Sun | 1.3.1_18 (including) | 1.3.1_18 (including) |
| Sdk | Sun | 1.3.1_19 (including) | 1.3.1_19 (including) |
| Sdk | Sun | 1.3.1_20 (including) | 1.3.1_20 (including) |
| Sdk | Sun | 1.4.2 (including) | 1.4.2 (including) |
| Sdk | Sun | 1.4.2_03 (including) | 1.4.2_03 (including) |
| Sdk | Sun | 1.4.2_08 (including) | 1.4.2_08 (including) |
| Sdk | Sun | 1.4.2_09 (including) | 1.4.2_09 (including) |
| Sdk | Sun | 1.4.2_10 (including) | 1.4.2_10 (including) |
| Sdk | Sun | 1.4.2_11 (including) | 1.4.2_11 (including) |
| Sdk | Sun | 1.4.2_12 (including) | 1.4.2_12 (including) |
| Sdk | Sun | 1.4.2_13 (including) | 1.4.2_13 (including) |
| Sdk | Sun | 1.4.2_14 (including) | 1.4.2_14 (including) |
| Extras for RHEL 4 | RedHat | java-1.5.0-sun-0:1.5.0.13-1jpp.1.el4 | * |
| Supplementary for Red Hat Enterprise Linux 5 | RedHat | java-1.5.0-sun-0:1.5.0.13-1jpp.1.el5 | * |
| Sun-java5 | Ubuntu | dapper | * |
| Sun-java5 | Ubuntu | edgy | * |
| Sun-java5 | Ubuntu | feisty | * |
| Sun-java5 | Ubuntu | gutsy | * |
| Sun-java5 | Ubuntu | hardy | * |
| Sun-java5 | Ubuntu | intrepid | * |
| Sun-java5 | Ubuntu | jaunty | * |
| Sun-java6 | Ubuntu | devel | * |
| Sun-java6 | Ubuntu | feisty | * |
| Sun-java6 | Ubuntu | gutsy | * |
| Sun-java6 | Ubuntu | hardy | * |
| Sun-java6 | Ubuntu | intrepid | * |
| Sun-java6 | Ubuntu | jaunty | * |
| Sun-java6 | Ubuntu | karmic | * |
References
- http://dev2dev.bea.com/pub/advisory/272
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533
- http://osvdb.org/40834
- http://secunia.com/advisories/27320
- http://secunia.com/advisories/27693
- http://secunia.com/advisories/29042
- http://secunia.com/advisories/29858
- http://secunia.com/advisories/30676
- http://secunia.com/advisories/30780
- http://security.gentoo.org/glsa/glsa-200804-28.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103112-1
- http://support.avaya.com/elmodocs2/security/ASA-2007-480.htm
- http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
- http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
- http://www.securityfocus.com/bid/26185
- http://www.securitytracker.com/id?1018847
- http://www.vmware.com/security/advisories/VMSA-2008-0010.html
- http://www.vupen.com/english/advisories/2007/3589
- http://www.vupen.com/english/advisories/2007/3895
- http://www.vupen.com/english/advisories/2008/0609
- http://www.vupen.com/english/advisories/2008/1856/references
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9898
- http://dev2dev.bea.com/pub/advisory/272
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533
- http://osvdb.org/40834
- http://secunia.com/advisories/27320
- http://secunia.com/advisories/27693
- http://secunia.com/advisories/29042
- http://secunia.com/advisories/29858
- http://secunia.com/advisories/30676
- http://secunia.com/advisories/30780
- http://security.gentoo.org/glsa/glsa-200804-28.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103112-1
- http://support.avaya.com/elmodocs2/security/ASA-2007-480.htm
- http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
- http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
- http://www.securityfocus.com/bid/26185
- http://www.securitytracker.com/id?1018847
- http://www.vmware.com/security/advisories/VMSA-2008-0010.html
- http://www.vupen.com/english/advisories/2007/3589
- http://www.vupen.com/english/advisories/2007/3895
- http://www.vupen.com/english/advisories/2008/0609
- http://www.vupen.com/english/advisories/2008/1856/references
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9898