Published: 2005/12/13  Last Updated: 2008/05/21

JVN#15972537
Fujitsu Java Runtime Environment reflection API vulnerability

Overview

A vulnerability exists in the reflection API of the Java Runtime Environment that may allow a Java applet to elevate its privileges, bypassing its security restrictions.

This problem was reported by Sun Microsystems as a vulnerability in the Java Runtime Environment. Fujitsu's product is a modified product based on it and is reported to contain a similar vulnerability.

Products Affected

  • For more information, refer to the vendor's website.

Description

Impact

If a user downloads and executes a specially crafted applet, a remote attacker could access local files with elevated privileges or execute arbitrary code with the privileges of the user running the applet.

Solution

Vendor Status

Vendor | Status | Last Update | Vendor Notes
FUJITSU LIMITED | Vulnerable | 2006/03/09 |

References

  1. Sun Microsystems, Inc.
    Sun Alert Notification 230789: Security Vulnerability With Java Runtime Environment May Allow Untrusted Applet to Elevate Privileges
  2. Sun Microsystems, Inc.
    Sun Alert Notification 201102: Security Vulnerability With Java Management Extensions in the Java Runtime Environment may Allow Untrusted Applet to Elevate Privileges
  3. Sun Microsystems, Inc.
    Sun Alert Notification 201372: Security Vulnerabilities in the Java Runtime Environment May Allow an Untrusted Applet to Elevate Its Privileges
  4. US-CERT Vulnerability Note VU#974188
    Sun Java Reflection API privilege escalation vulnerabilities
  5. US-CERT Vulnerability Note VU#931684
    Sun Java Management Extensions privilege escalation vulnerability
  6. US-CERT Vulnerability Note VU#355284
    Sun Java Runtime Environment applet privilege escalation vulnerability

JPCERT/CC Addendum

Credit

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2005-000705

Update History