jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented

Description:

SUN reports:

A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.

References:

URL: <http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1>
CVE name CVE-2007-5232

Affects:

jdk >=1.3.0 <1.6.0.3p3
jdk >=1.5.0,1 <1.5.0.13p7,1
linux-blackdown-jdk >=1.3.0
linux-sun-jdk >=1.3.0 <1.3.1.20
linux-sun-jdk >=1.4.0 <1.4.2.16
linux-sun-jdk =1.5.0.b1
linux-sun-jdk =1.5.0.b1,1
linux-sun-jdk >=1.5.0,2 <1.5.0.13,2
linux-sun-jdk >=1.6.0 <1.6.0.03

portaudit: jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Team. Refer to "FreeBSD Security Information" for more information.

Oliver Eikemeier <eik@FreeBSD.org>