Sun Alert ID: 102557 (RESOLVED) Synopsis: Java Plug-in and Java Web Start May Allow Applets and Applications to Run With Unpatched JRE Product: Java 2 Platform, Standard Edition Category: Security

1. Impact
The Java Plug-in and Java Web Start both allow applets and applications to specify the version of the Java Runtime Environment (JRE) to run with. However, the versions of Java Web Start and the Java Plug-in listed in Section 2 below may allow applets or applications to run with a specified version of the JRE that does not have the latest security fixes.

2. Contributing Factors
This issue can occur in the following releases (for Solaris, Lunix and Windows platforms):
* Java Plug-in included with J2SE 5.0 Update 5 and earlier, 1.4.x, 1.3.1, and 1.3.0_02 and later
* Java Web Start included with J2SE 5.0 Update 5 and earlier, and 1.4.2
* Java Web Start 1.2, 1.0.2, 1.0.1, and 1.0

To determine the default version of the JRE on a system for Solaris and Lunix, the following command can be run:

% java -version
Note: The above command only determines the default version. Other versions may also be installed on the system. To determine the default version of the JRE on a system for Windows:
1. Click Start
2. Select Run
3. Type cmd (starts a command-line)
4. At the prompt, type java -version
5. Press Enter

Note: The above command only determines the default version. Other versions may also be installed on the system.

1. Prior to 5.0 Update 6, an applet could specify the version of the JRE on which it would run. With 5.0 Update 6 and later installed on the Windows platform, all applets are executed with the latest version of the JRE.

Note: It is recommended that affected versions be removed from your system. For more information, see the installation notes on the respective java.sun.com download pages.