Rapid7 Vulnerability & Exploit Database

JRE Multiple Java Web Start Vulnerabilities

Back to Search

JRE Multiple Java Web Start Vulnerabilities

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
07/09/2008
Created
07/25/2018
Added
11/18/2009
Modified
09/13/2018

Description

The Java Web Start application in the Java Runtime Environment (JRE) 6 update 6 and earlier, 5.0 update 15 and earlier as well as 1.4.2_17 and earlier suffer from multiple vulnerabilities which allow the escalation of privilege of untrusted Java Web Start applications. This can result in remote access to the local filesystem, allowing for read, write and executable access.

Solution(s)

  • jre-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;