CVE-2007-3504
Last modified
CVE-2007-3504 is a vulnerability of currently unknown severity. Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file.. EPSS estimates a 6.42% chance of exploitation in the next 30 days.
Description
Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Sun | Jdk | <= 1.5.0 | Update11 |
| Sun | Jre | <= 1.4.2 | Update13 |
| Sun | Jre | <= 1.5.0 | Update11 |
| Sun | Sdk | <= 1.4.2_13 | — |
References
- http://secunia.com/advisories/25823Vendor Advisory
- http://secunia.com/advisories/28115Vendor Advisory
- http://www.vupen.com/english/advisories/2007/2384Vendor Advisory
- http://www.vupen.com/english/advisories/2007/4224Vendor Advisory
- http://secunia.com/advisories/25823Vendor Advisory
- http://secunia.com/advisories/28115Vendor Advisory
- http://www.vupen.com/english/advisories/2007/2384Vendor Advisory
- http://www.vupen.com/english/advisories/2007/4224Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-3504?
How severe is CVE-2007-3504?
How do I fix CVE-2007-3504?
Are you affected by CVE-2007-3504?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST