Detections
Analytics

Sun Java Web Start JNLP File Handling Overflow (102996) (Unix)

medium Nessus Plugin ID 64834

Language:

Synopsis

The remote Unix host has an application that may be prone to a buffer overflow attack.

Description

The Java Web Start utility distributed with the version of Sun Java Runtime Environment (JRE) installed on the remote host may be affected by a buffer overflow vulnerability. If an attacker can convince a user on the affected host to open a specially crafted JNLP file, it may be possible to execute arbitrary code subject to the user's privileges.

Solution

Upgrade to Sun Java JDK and JRE 6 Update 2 / JDK and JRE 5.0 Update 12 or later and remove, if necessary, any affected versions.

See Also

http://www.nessus.org/u?7c3384af

https://www.securityfocus.com/archive/1/473224/30/0/threaded

https://www.securityfocus.com/archive/1/473356/30/0/threaded

http://www.nessus.org/u?7eec761c

Plugin Details

Severity: Medium

ID: 64834

File Name: sun_java_webstart_jnlp_overflow_unix.nasl

Version: 1.11

Type: local

Agent: unix

Family: Misc.

Published: 2/22/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:oracle:jre

Required KB Items: Host/Java/JRE/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/7/2013

Vulnerability Publication Date: 7/10/2007

Exploitable With

Core Impact

Reference Information

CVE: CVE-2007-3655

BID: 24832

CWE: 119