Published:2005/12/13 Last Updated:2008/05/21
JVN#15972537
Fujitsu Java Runtime Environment reflection API vulnerability
Overview
A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions.
This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is modified based on this product and is reported to contain a similar vulnerability.
Products Affected
- For more information, refer to the vendor's website.
Description
Impact
If a user downloads and executes a specially crafted applet, a remote attacker could access local files with the elevated privileges or execute arbitrary code with the privilege of the user running the applet.
Solution
References
- Sun Microsystems, Inc.
Sun Alert Notification 230789:Security Vulnerability With Java Runtime Environment May Allow Untrusted Applet to Elevate Privileges - Sun Microsystems, Inc.
Sun Alert Notification 201102:Security Vulnerability With Java Management Extensions in the Java Runtime Environment may Allow Untrusted Applet to Elevate Privileges - Sun Microsystems, Inc.
Sun Alert Notification 201372:Security Vulnerabilities in the Java Runtime Environment May Allow an Untrusted Applet to Elevate Its Privileges - US-CERT Vulnerability Note VU#974188
Sun Java Reflection API privilege escalation vulnerabilities - US-CERT Vulnerability Note VU#931684
Sun Java Management Extensions privilege escalation vulnerability - US-CERT Vulnerability Note VU#355284
Sun Java Runtime Environment applet privilege escalation vulnerability
JPCERT/CC Addendum
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2005-000705 |