{"vuid":"VU#931684","idnumber":"931684","name":"Sun Java Management Extensions privilege escalation vulnerability","keywords":["Sun","Java Management Extensions","JMX","privilege escalation","untrusted applet"],"overview":"A vulnerability in the Sun Java Management Extensions API may allow a remote attacker to execute arbitrary code.","clean_desc":"According to Sun Microsystems: Java Management Extensions (JMX) technology provides the tools for building distributed, Web-based, modular and dynamic solutions for managing and monitoring devices, applications, and service-driven networks. An unspecified vulnerability in the JMX API may allow an untrusted Java applet to execute elevated privileges. For more information, please refer to Sun Alert 102017.","impact":"A remote attacker may be able to execute arbitrary code.","resolution":"Upgrade Java\nSun addressed this issue in the Java Development Kit (JDK) and the Java Runtime Environment (JRE) 5.0 Update 4.","workarounds":"Do not access Java Applets from untrusted sources Attackers","sysaffected":"","thanks":"This vulnerability was reported by \nSun Microsystems\n. Sun credits Adam Gowdiak with providing information regarding this issue.","author":"This document was written by Jeff Gennari.","public":["http://secunia.com/advisories/17748/","http://java.sun.com/products/JavaManagement/","http://sunsolve.sun.com/search/document.do?assetkey=1-26-102017-1"],"cveids":["CVE-2005-3904"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2020-05-21T16:13:14.972115Z","publicdate":"2005-11-28T00:00:00Z","datefirstpublished":"2005-12-02T13:53:23Z","dateupdated":"2006-01-12T16:02:00Z","revision":33,"vrda_d1_directreport":null,"vrda_d1_population":null,"vrda_d1_impact":null,"cam_widelyknown":null,"cam_exploitation":null,"cam_internetinfrastructure":null,"cam_population":null,"cam_impact":null,"cam_easeofexploitation":null,"cam_attackeraccessrequired":null,"cam_scorecurrent":null,"cam_scorecurrentwidelyknown":null,"cam_scorecurrentwidelyknownexploited":null,"ipprotocol":null,"cvss_accessvector":null,"cvss_accesscomplexity":null,"cvss_authentication":null,"cvss_confidentialityimpact":null,"cvss_integrityimpact":null,"cvss_availabilityimpact":null,"cvss_exploitablity":null,"cvss_remediationlevel":null,"cvss_reportconfidence":null,"cvss_collateraldamagepotential":null,"cvss_targetdistribution":null,"cvss_securityrequirementscr":null,"cvss_securityrequirementsir":null,"cvss_securityrequirementsar":null,"cvss_basescore":"N/A","cvss_basevector":"N/A","cvss_temporalscore":"N/A","cvss_environmentalscore":"N/A","cvss_environmentalvector":"N/A","metric":9.0,"vulnote":null}