The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent malicious users to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun java se |