Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by BEA Systems, Inc.
JVNDB-2007-000329
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-06-06 16:22Summary
Java Web Start vulnerable to execution of unauthorized system classes
Details
Java Web Start, included in the JRE (Java Runtime Environment) from Sun Microsystems and other products, contains a vulnerability allowing unauthorized execution of system classes.
Java Web Start, included in the JRE (Java Runtime Environment) and other products, is a tool for distributing Java applications over the web. A vulnerability exists in an implementation of Java Web Start which may allow Java Web Start Application including a malformed JAR file to execute an unauthorized system class.
References
Impacted products
| Vendor | Product | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000329.html",
"dc:date": "2008-06-06T16:22+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-06-06T16:22+09:00",
"description": "Java Web Start, included in the JRE (Java Runtime Environment) from Sun Microsystems and other products, contains a vulnerability allowing unauthorized execution of system classes.\r\n\r\nJava Web Start, included in the JRE (Java Runtime Environment) and other products, is a tool for distributing Java applications over the web. A vulnerability exists in an implementation of Java Web Start which may allow Java Web Start Application including a malformed JAR file to execute an unauthorized system class.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000329.html",
"sec:cpe": [
{
"#text": "cpe:/a:allied_telesis_k.k.:ssl_vpn-plus",
"@product": "SSL VPN-Plus",
"@vendor": "Allied Telesis",
"@version": "2.2"
},
{
"#text": "cpe:/a:allied_telesis_k.k.:swimradius",
"@product": "SwimRadius",
"@vendor": "Allied Telesis",
"@version": "2.2"
},
{
"#text": "cpe:/a:bea:jrockit",
"@product": "BEA JRockit",
"@vendor": "BEA Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:tw703000",
"@product": "TW703000",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:websam_deploymentmanager",
"@product": "WebSAM DeploymentManager",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux Extras",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_desktop_supplementary",
"@product": "RHEL Desktop Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_supplementary",
"@product": "RHEL Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:jdk",
"@product": "JDK",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:jre",
"@product": "JRE",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:sdk",
"@product": "SDK",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000329",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN44724673/index.html",
"@id": "JVN#44724673",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2435",
"@id": "CVE-2007-2435",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2435",
"@id": "CVE-2007-2435",
"@source": "NVD"
},
{
"#text": "http://www.jpcert.or.jp/wr/2007/wr071701.txt",
"@id": "JPCERT-WR-2007-1701",
"@source": "JPCERT-WR"
},
{
"#text": "http://secunia.com/advisories/25069/",
"@id": "SA25069",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/23728",
"@id": "23728",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/33984",
"@id": "33984",
"@source": "XF"
},
{
"#text": "http://www.securitytracker.com/id?1017986",
"@id": "1017986",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/1598",
"@id": "FrSIRT/ADV-2007-1598",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Java Web Start vulnerable to execution of unauthorized system classes"
}
JVNDB-2005-000776
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate
Details
The digital certificate that was used to sign jar files in the Java Cryptography Extension (JCE) 1.2.1 expires on July 28, 2005. JCE 1.2.1 limits program behaviors after the expiration of the digital certificate. As a result, specific methods of JCE 1.2.1 will no longer work properly after the expiration, and problems may occur, such as an application using JCE does not start.
If you use JCE in Java application development, please check the version of JCE used. If you use J2SE 1.2.x or J2SE 1.3.x to develop Java applications, JCE 1.2.1 may be included as an optional package.
This issue, caused by the expiration of the digital certificate, is not a vulnerability; however, we provide this JVN article to publicize the issue to users.
*1 JPCERT/CC coordinated this issue based on the publicly available information.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000776.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "The digital certificate that was used to sign jar files in the Java Cryptography Extension (JCE) 1.2.1 expires on July 28, 2005. JCE 1.2.1 limits program behaviors after the expiration of the digital certificate. As a result, specific methods of JCE 1.2.1 will no longer work properly after the expiration, and problems may occur, such as an application using JCE does not start.\r\n\r\nIf you use JCE in Java application development, please check the version of JCE used. If you use J2SE 1.2.x or J2SE 1.3.x to develop Java applications, JCE 1.2.1 may be included as an optional package.\r\n\r\nThis issue, caused by the expiration of the digital certificate, is not a vulnerability; however, we provide this JVN article to publicize the issue to users.\r\n\r\n*1 JPCERT/CC coordinated this issue based on the publicly available information.",
"link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000776.html",
"sec:cpe": [
{
"#text": "cpe:/a:adobe:coldfusion",
"@product": "Adobe ColdFusion",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:adobe:jrun",
"@product": "Adobe JRun",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:apc:powerchute",
"@product": "PowerChute",
"@vendor": "Schneider Electric",
"@version": "2.2"
},
{
"#text": "cpe:/a:bea:weblogic_express",
"@product": "BEA WebLogic Express",
"@vendor": "BEA Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:bea:weblogic_platform",
"@product": "BEA WebLogic Platform",
"@vendor": "BEA Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:bea:weblogic_server",
"@product": "BEA WebLogic Server",
"@vendor": "BEA Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cisco:wan_manager",
"@product": "Cisco WAN Manager (CWM)",
"@vendor": "Cisco Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cisco:wireless_lan_solution_engine",
"@product": "CiscoWorks Wireless LAN Solution Engine (CWWLSE)",
"@vendor": "Cisco Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_application_server",
"@product": "Interstage Application Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:powerchute",
"@product": "PowerChute",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server",
"@product": "Cosminexus Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_web_contents_generator",
"@product": "Cosminexus Web Contents Generator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:ibm:java_jce",
"@product": "IBM JCE",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:ibm:java_jdk",
"@product": "IBM JDK",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:ibm:java_jre",
"@product": "IBM JRE",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:infoteria_asteria_r2_flow_builder",
"@product": "ASTERIA R2 Flow Builder",
"@vendor": "Infoteria Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:infoteria_asteria_r2_server",
"@product": "ASTERIA R2 Server",
"@vendor": "Infoteria Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:esmpro_upsmanager",
"@product": "ESMPRO/UPSManager",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:powerchute",
"@product": "PowerChute",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:j2se",
"@product": "J2SE",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:jce",
"@product": "JCE",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:cisco:hosting_solution_engine",
"@product": "CiscoWorks Host Solution Engine (HSE)",
"@vendor": "Cisco Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:fujitsu:primergy",
"@product": "PRIMERGY",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/h:hitachi:ha8000",
"@product": "HA8000 Series",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/h:mcafee:intrushield_security_management_system",
"@product": "McAfee IntruShield",
"@vendor": "McAfee",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2005-000776",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN93926203/index.html",
"@id": "JVN#93926203",
"@source": "JVN"
},
{
"#text": "http://www.jpcert.or.jp/wr/2005/wr052701.txt",
"@id": "JPCERT-WR-2005-2701",
"@source": "JPCERT-WR"
}
],
"title": "Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate"
}