cvelistv5 - cve-2008-0628

CVE-2008-0628 (GCVE-0-2008-0628)

Vulnerability from cvelistv5 – Published: 2008-02-06 20:00 – Updated: 2024-08-07 07:54

Summary

The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/29841	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2008-02…	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/bid/27553	vdb-entryx_refsource_BID
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://dev2dev.bea.com/pub/advisory/277	vendor-advisoryx_refsource_BEA
	http://www.securityfocus.com/archive/1/487434/100…	mailing-listx_refsource_BUGTRAQ
	http://security.gentoo.org/glsa/glsa-200804-28.xml	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/28746	third-party-advisoryx_refsource_SECUNIA
	http://securityreason.com/securityalert/3621	third-party-advisoryx_refsource_SREASON
	http://secunia.com/advisories/29858	third-party-advisoryx_refsource_SECUNIA
	http://scary.beasts.org/security/CESA-2007-002.html	x_refsource_MISC
	http://www.vupen.com/english/advisories/2008/1252	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/30780	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/0371	vdb-entryx_refsource_VUPEN
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://www.gentoo.org/security/en/glsa/glsa-20080…	vendor-advisoryx_refsource_GENTOO
	http://www.gentoo.org/security/en/glsa/glsa-20080…	vendor-advisoryx_refsource_GENTOO
	http://www.securitytracker.com/id?1019292	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:54:22.701Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "29841",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29841"
          },
          {
            "name": "RHSA-2008:0245",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html"
          },
          {
            "name": "27553",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27553"
          },
          {
            "name": "oval:org.mitre.oval:def:9847",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847"
          },
          {
            "name": "BEA08-201.00",
            "tags": [
              "vendor-advisory",
              "x_refsource_BEA",
              "x_transferred"
            ],
            "url": "http://dev2dev.bea.com/pub/advisory/277"
          },
          {
            "name": "20080202 Sun JRE / JDK bug introduces XXE possibilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/487434/100/0/threaded"
          },
          {
            "name": "GLSA-200804-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
          },
          {
            "name": "28746",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28746"
          },
          {
            "name": "3621",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3621"
          },
          {
            "name": "29858",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29858"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://scary.beasts.org/security/CESA-2007-002.html"
          },
          {
            "name": "ADV-2008-1252",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1252"
          },
          {
            "name": "30780",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30780"
          },
          {
            "name": "ADV-2008-0371",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0371"
          },
          {
            "name": "231246",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1"
          },
          {
            "name": "GLSA-200804-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
          },
          {
            "name": "GLSA-200806-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
          },
          {
            "name": "1019292",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019292"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "29841",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29841"
        },
        {
          "name": "RHSA-2008:0245",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html"
        },
        {
          "name": "27553",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27553"
        },
        {
          "name": "oval:org.mitre.oval:def:9847",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847"
        },
        {
          "name": "BEA08-201.00",
          "tags": [
            "vendor-advisory",
            "x_refsource_BEA"
          ],
          "url": "http://dev2dev.bea.com/pub/advisory/277"
        },
        {
          "name": "20080202 Sun JRE / JDK bug introduces XXE possibilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/487434/100/0/threaded"
        },
        {
          "name": "GLSA-200804-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
        },
        {
          "name": "28746",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28746"
        },
        {
          "name": "3621",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3621"
        },
        {
          "name": "29858",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29858"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://scary.beasts.org/security/CESA-2007-002.html"
        },
        {
          "name": "ADV-2008-1252",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1252"
        },
        {
          "name": "30780",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30780"
        },
        {
          "name": "ADV-2008-0371",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0371"
        },
        {
          "name": "231246",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1"
        },
        {
          "name": "GLSA-200804-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
        },
        {
          "name": "GLSA-200806-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
        },
        {
          "name": "1019292",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019292"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0628",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "29841",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29841"
            },
            {
              "name": "RHSA-2008:0245",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html"
            },
            {
              "name": "27553",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27553"
            },
            {
              "name": "oval:org.mitre.oval:def:9847",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847"
            },
            {
              "name": "BEA08-201.00",
              "refsource": "BEA",
              "url": "http://dev2dev.bea.com/pub/advisory/277"
            },
            {
              "name": "20080202 Sun JRE / JDK bug introduces XXE possibilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/487434/100/0/threaded"
            },
            {
              "name": "GLSA-200804-28",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
            },
            {
              "name": "28746",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28746"
            },
            {
              "name": "3621",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3621"
            },
            {
              "name": "29858",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29858"
            },
            {
              "name": "http://scary.beasts.org/security/CESA-2007-002.html",
              "refsource": "MISC",
              "url": "http://scary.beasts.org/security/CESA-2007-002.html"
            },
            {
              "name": "ADV-2008-1252",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1252"
            },
            {
              "name": "30780",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30780"
            },
            {
              "name": "ADV-2008-0371",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0371"
            },
            {
              "name": "231246",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1"
            },
            {
              "name": "GLSA-200804-20",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
            },
            {
              "name": "GLSA-200806-11",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
            },
            {
              "name": "1019292",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019292"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0628",
    "datePublished": "2008-02-06T20:00:00",
    "dateReserved": "2008-02-06T00:00:00",
    "dateUpdated": "2024-08-07T07:54:22.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jdk:1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8502A8C5-0219-406B-8DAA-BF35BCD6DC94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sun:jre:*:update3:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.6.0\", \"matchCriteriaId\": \"EAB2C9C2-F685-450B-9980-553966FC3B63\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \\\"external general entities\\\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.\"}, {\"lang\": \"es\", \"value\": \"El c\\u00f3digo de an\\u00e1lisis sint\\u00e1ctico de XML en Sun Java Runtime Environment JDK y JRE 6 actualizaci\\u00f3n 3 y anteriores. Procesa  referencias a entidades externas incluso cuando la propiedad \\\"external general entities (entidades generales externas)\\\" es falsa, lo que permite a atacantes remotos llevar a cabo ataques de entidades externas XML (XXE) y provocar una denegaci\\u00f3n de servicio o acceso restringido a recursos.\"}]",
      "id": "CVE-2008-0628",
      "lastModified": "2024-11-21T00:42:32.610",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 7.8, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2008-02-06T21:00:00.000",
      "references": "[{\"url\": \"http://dev2dev.bea.com/pub/advisory/277\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://scary.beasts.org/security/CESA-2007-002.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28746\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29841\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/29858\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/30780\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200804-28.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/3621\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0245.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/487434/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/27553\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019292\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0371\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1252\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://dev2dev.bea.com/pub/advisory/277\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://scary.beasts.org/security/CESA-2007-002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28746\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29841\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29858\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30780\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200804-28.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/3621\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2008-0245.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/487434/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/27553\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019292\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0371\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1252\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0628\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-02-06T21:00:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \\\"external general entities\\\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.\"},{\"lang\":\"es\",\"value\":\"El c\u00f3digo de an\u00e1lisis sint\u00e1ctico de XML en Sun Java Runtime Environment JDK y JRE 6 actualizaci\u00f3n 3 y anteriores. Procesa  referencias a entidades externas incluso cuando la propiedad \\\"external general entities (entidades generales externas)\\\" es falsa, lo que permite a atacantes remotos llevar a cabo ataques de entidades externas XML (XXE) y provocar una denegaci\u00f3n de servicio o acceso restringido a recursos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":7.8,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8502A8C5-0219-406B-8DAA-BF35BCD6DC94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:*:update3:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.6.0\",\"matchCriteriaId\":\"EAB2C9C2-F685-450B-9980-553966FC3B63\"}]}]}],\"references\":[{\"url\":\"http://dev2dev.bea.com/pub/advisory/277\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://scary.beasts.org/security/CESA-2007-002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28746\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29841\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29858\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/30780\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200804-28.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/3621\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0245.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/487434/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/27553\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019292\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0371\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1252\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://dev2dev.bea.com/pub/advisory/277\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://scary.beasts.org/security/CESA-2007-002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28746\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29841\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29858\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30780\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200804-28.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/3621\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0245.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/487434/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/27553\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019292\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0371\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1252\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2008-0628

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-0628

Aliases

CVE-2008-0628

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0628",
    "description": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.",
    "id": "GSD-2008-0628",
    "references": [
      "https://access.redhat.com/errata/RHSA-2008:0245"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0628"
      ],
      "details": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.",
      "id": "GSD-2008-0628",
      "modified": "2023-12-13T01:22:59.122909Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0628",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "29841",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29841"
          },
          {
            "name": "RHSA-2008:0245",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html"
          },
          {
            "name": "27553",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27553"
          },
          {
            "name": "oval:org.mitre.oval:def:9847",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847"
          },
          {
            "name": "BEA08-201.00",
            "refsource": "BEA",
            "url": "http://dev2dev.bea.com/pub/advisory/277"
          },
          {
            "name": "20080202 Sun JRE / JDK bug introduces XXE possibilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/487434/100/0/threaded"
          },
          {
            "name": "GLSA-200804-28",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
          },
          {
            "name": "28746",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28746"
          },
          {
            "name": "3621",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3621"
          },
          {
            "name": "29858",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29858"
          },
          {
            "name": "http://scary.beasts.org/security/CESA-2007-002.html",
            "refsource": "MISC",
            "url": "http://scary.beasts.org/security/CESA-2007-002.html"
          },
          {
            "name": "ADV-2008-1252",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1252"
          },
          {
            "name": "30780",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30780"
          },
          {
            "name": "ADV-2008-0371",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0371"
          },
          {
            "name": "231246",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1"
          },
          {
            "name": "GLSA-200804-20",
            "refsource": "GENTOO",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
          },
          {
            "name": "GLSA-200806-11",
            "refsource": "GENTOO",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
          },
          {
            "name": "1019292",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019292"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sun:jdk:1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:*:update3:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0628"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://scary.beasts.org/security/CESA-2007-002.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://scary.beasts.org/security/CESA-2007-002.html"
            },
            {
              "name": "231246",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1"
            },
            {
              "name": "1019292",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019292"
            },
            {
              "name": "28746",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28746"
            },
            {
              "name": "3621",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3621"
            },
            {
              "name": "BEA08-201.00",
              "refsource": "BEA",
              "tags": [],
              "url": "http://dev2dev.bea.com/pub/advisory/277"
            },
            {
              "name": "27553",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/27553"
            },
            {
              "name": "29841",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29841"
            },
            {
              "name": "GLSA-200804-20",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
            },
            {
              "name": "GLSA-200804-28",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
            },
            {
              "name": "RHSA-2008:0245",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html"
            },
            {
              "name": "29858",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29858"
            },
            {
              "name": "30780",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30780"
            },
            {
              "name": "GLSA-200806-11",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
            },
            {
              "name": "ADV-2008-1252",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1252"
            },
            {
              "name": "ADV-2008-0371",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0371"
            },
            {
              "name": "oval:org.mitre.oval:def:9847",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847"
            },
            {
              "name": "20080202 Sun JRE / JDK bug introduces XXE possibilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/487434/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 7.8,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-15T22:02Z",
      "publishedDate": "2008-02-06T21:00Z"
    }
  }
}

GHSA-878M-JP48-9823

Vulnerability from github – Published: 2022-05-01 23:31 – Updated: 2022-05-01 23:31

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0628"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-02-06T21:00:00Z",
    "severity": "HIGH"
  },
  "details": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.",
  "id": "GHSA-878m-jp48-9823",
  "modified": "2022-05-01T23:31:53Z",
  "published": "2022-05-01T23:31:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0628"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847"
    },
    {
      "type": "WEB",
      "url": "http://dev2dev.bea.com/pub/advisory/277"
    },
    {
      "type": "WEB",
      "url": "http://scary.beasts.org/security/CESA-2007-002.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28746"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29841"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29858"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30780"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3621"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/487434/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27553"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019292"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0371"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1252"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2008-0628

Vulnerability from fkie_nvd - Published: 2008-02-06 21:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://dev2dev.bea.com/pub/advisory/277
cve@mitre.org	http://scary.beasts.org/security/CESA-2007-002.html
cve@mitre.org	http://secunia.com/advisories/28746	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29841
cve@mitre.org	http://secunia.com/advisories/29858
cve@mitre.org	http://secunia.com/advisories/30780
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200804-28.xml
cve@mitre.org	http://securityreason.com/securityalert/3621
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0245.html
cve@mitre.org	http://www.securityfocus.com/archive/1/487434/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/27553
cve@mitre.org	http://www.securitytracker.com/id?1019292
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0371
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1252
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847
af854a3a-2127-422b-91ae-364da2661108	http://dev2dev.bea.com/pub/advisory/277
af854a3a-2127-422b-91ae-364da2661108	http://scary.beasts.org/security/CESA-2007-002.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28746	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29841
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29858
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30780
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200804-28.xml
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3621
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0245.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/487434/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27553
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019292
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0371
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1252
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847

Impacted products

	Vendor	Product	Version
	sun	jdk	1.6
	sun	jre	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8502A8C5-0219-406B-8DAA-BF35BCD6DC94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:*:update3:*:*:*:*:*:*",
              "matchCriteriaId": "EAB2C9C2-F685-450B-9980-553966FC3B63",
              "versionEndIncluding": "1.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources."
    },
    {
      "lang": "es",
      "value": "El c\u00f3digo de an\u00e1lisis sint\u00e1ctico de XML en Sun Java Runtime Environment JDK y JRE 6 actualizaci\u00f3n 3 y anteriores. Procesa  referencias a entidades externas incluso cuando la propiedad \"external general entities (entidades generales externas)\" es falsa, lo que permite a atacantes remotos llevar a cabo ataques de entidades externas XML (XXE) y provocar una denegaci\u00f3n de servicio o acceso restringido a recursos."
    }
  ],
  "id": "CVE-2008-0628",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 7.8,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-02-06T21:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://dev2dev.bea.com/pub/advisory/277"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://scary.beasts.org/security/CESA-2007-002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28746"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29841"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29858"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/30780"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3621"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/487434/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27553"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019292"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0371"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1252"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dev2dev.bea.com/pub/advisory/277"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://scary.beasts.org/security/CESA-2007-002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/487434/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1252"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

RHSA-2008_0245

Vulnerability from csaf_redhat - Published: 2008-04-28 09:22 - Updated: 2024-11-14 10:06

Summary

Red Hat Security Advisory: java-1.6.0-bea security update

Notes

Topic

Updated java-1.6.0-bea packages that correct several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Details

The BEA WebLogic JRockit 1.6.0_03 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.6.0_03, and are certified for the Java 6 Platform, Standard Edition, v1.6.0. The Java XML parsing code processed external entity references even when the "external general entities" property was set to "FALSE". This allowed remote attackers to conduct XML External Entity (XXE) attacks, possibly causing a denial of service, or gaining access to restricted resources. (CVE-2008-0628) A flaw was found in the Java XSLT processing classes. An untrusted application or applet could cause a denial of service, or execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1187) A flaw was found in the JRE image parsing libraries. An untrusted application or applet could cause a denial of service, or possible execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1193) A flaw was found in the JRE color management library. An untrusted application or applet could trigger a denial of service (JVM crash). (CVE-2008-1194) The vulnerabilities concerning applets listed above can only be triggered in java-1.6.0-bea, by calling the "appletviewer" application. Users of java-1.6.0-bea are advised to upgrade to these updated packages, which resolve these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated java-1.6.0-bea packages that correct several security issues are\nnow available for Red Hat Enterprise Linux 5 Supplementary. \n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The BEA WebLogic JRockit 1.6.0_03 JRE and SDK contain BEA WebLogic JRockit\nVirtual Machine 1.6.0_03, and are certified for the Java 6 Platform,\nStandard Edition, v1.6.0.\n\nThe Java XML parsing code processed external entity references even when\nthe \"external general entities\" property was set to \"FALSE\". This allowed\nremote attackers to conduct XML External Entity (XXE) attacks, possibly\ncausing a denial of service, or gaining access to restricted resources.\n(CVE-2008-0628)\n\nA flaw was found in the Java XSLT processing classes. An untrusted\napplication or applet could cause a denial of service, or execute arbitrary\ncode with the permissions of the user running the JRE. (CVE-2008-1187)\n\nA flaw was found in the JRE image parsing libraries. An untrusted\napplication or applet could cause a denial of service, or possible execute\narbitrary code with the permissions of the user running the JRE.\n(CVE-2008-1193)\n\nA flaw was found in the JRE color management library. An untrusted\napplication or applet could trigger a denial of service (JVM crash).\n(CVE-2008-1194)\n\nThe vulnerabilities concerning applets listed above can only be triggered\nin java-1.6.0-bea, by calling the \"appletviewer\" application.\n\nUsers of java-1.6.0-bea are advised to upgrade to these updated packages,\nwhich resolve these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0245",
        "url": "https://access.redhat.com/errata/RHSA-2008:0245"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#moderate",
        "url": "http://www.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "431416",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431416"
      },
      {
        "category": "external",
        "summary": "436030",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436030"
      },
      {
        "category": "external",
        "summary": "436296",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0245.json"
      }
    ],
    "title": "Red Hat Security Advisory: java-1.6.0-bea security update",
    "tracking": {
      "current_release_date": "2024-11-14T10:06:09+00:00",
      "generator": {
        "date": "2024-11-14T10:06:09+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2008:0245",
      "initial_release_date": "2008-04-28T09:22:00+00:00",
      "revision_history": [
        {
          "date": "2008-04-28T09:22:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-04-28T05:22:21+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:06:09+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
                "product": {
                  "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_id": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea-demo@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
                "product": {
                  "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_id": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea-devel@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
                "product": {
                  "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_id": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea-src@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
                "product": {
                  "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_id": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea-missioncontrol@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
                "product": {
                  "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_id": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea-jdbc@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
                "product": {
                  "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_id": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
                "product": {
                  "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_id": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea-demo@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
                "product": {
                  "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_id": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea-devel@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
                "product": {
                  "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_id": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea-src@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
                "product": {
                  "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_id": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea-missioncontrol@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
                "product": {
                  "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_id": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea-jdbc@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
                "product": {
                  "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_id": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-0628",
      "discovery_date": "2008-01-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "431416"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "java-1.6.0 default external entity processing",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0628"
        },
        {
          "category": "external",
          "summary": "RHBZ#431416",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431416"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0628",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0628"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0628",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0628"
        }
      ],
      "release_date": "2008-01-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-28T09:22:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0245"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "java-1.6.0 default external entity processing"
    },
    {
      "cve": "CVE-2008-1187",
      "discovery_date": "2008-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "436030"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Untrusted applet and application XSLT processing privilege escalation",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1187"
        },
        {
          "category": "external",
          "summary": "RHBZ#436030",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436030"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1187",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1187"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1187",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1187"
        }
      ],
      "release_date": "2008-03-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-28T09:22:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0245"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Untrusted applet and application XSLT processing privilege escalation"
    },
    {
      "cve": "CVE-2008-1193",
      "discovery_date": "2008-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "436296"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JRE image parsing library allows privilege escalation (CVE-2008-1194)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1193"
        },
        {
          "category": "external",
          "summary": "RHBZ#436296",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1193",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1193"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1193",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1193"
        }
      ],
      "release_date": "2008-03-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-28T09:22:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0245"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "JRE image parsing library allows privilege escalation (CVE-2008-1194)"
    },
    {
      "cve": "CVE-2008-1194",
      "discovery_date": "2008-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "436296"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JRE image parsing library allows privilege escalation (CVE-2008-1194)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1194"
        },
        {
          "category": "external",
          "summary": "RHBZ#436296",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1194",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1194"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1194",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1194"
        }
      ],
      "release_date": "2008-03-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-28T09:22:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0245"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "JRE image parsing library allows privilege escalation (CVE-2008-1194)"
    }
  ]
}

RHSA-2008:0245

Vulnerability from csaf_redhat - Published: 2008-04-28 09:22 - Updated: 2025-11-21 17:33

Summary

Red Hat Security Advisory: java-1.6.0-bea security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated java-1.6.0-bea packages that correct several security issues are\nnow available for Red Hat Enterprise Linux 5 Supplementary. \n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The BEA WebLogic JRockit 1.6.0_03 JRE and SDK contain BEA WebLogic JRockit\nVirtual Machine 1.6.0_03, and are certified for the Java 6 Platform,\nStandard Edition, v1.6.0.\n\nThe Java XML parsing code processed external entity references even when\nthe \"external general entities\" property was set to \"FALSE\". This allowed\nremote attackers to conduct XML External Entity (XXE) attacks, possibly\ncausing a denial of service, or gaining access to restricted resources.\n(CVE-2008-0628)\n\nA flaw was found in the Java XSLT processing classes. An untrusted\napplication or applet could cause a denial of service, or execute arbitrary\ncode with the permissions of the user running the JRE. (CVE-2008-1187)\n\nA flaw was found in the JRE image parsing libraries. An untrusted\napplication or applet could cause a denial of service, or possible execute\narbitrary code with the permissions of the user running the JRE.\n(CVE-2008-1193)\n\nA flaw was found in the JRE color management library. An untrusted\napplication or applet could trigger a denial of service (JVM crash).\n(CVE-2008-1194)\n\nThe vulnerabilities concerning applets listed above can only be triggered\nin java-1.6.0-bea, by calling the \"appletviewer\" application.\n\nUsers of java-1.6.0-bea are advised to upgrade to these updated packages,\nwhich resolve these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0245",
        "url": "https://access.redhat.com/errata/RHSA-2008:0245"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#moderate",
        "url": "http://www.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "431416",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431416"
      },
      {
        "category": "external",
        "summary": "436030",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436030"
      },
      {
        "category": "external",
        "summary": "436296",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0245.json"
      }
    ],
    "title": "Red Hat Security Advisory: java-1.6.0-bea security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:33:12+00:00",
      "generator": {
        "date": "2025-11-21T17:33:12+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2008:0245",
      "initial_release_date": "2008-04-28T09:22:00+00:00",
      "revision_history": [
        {
          "date": "2008-04-28T09:22:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-04-28T05:22:21+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:33:12+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
                  "product_id": "5Client-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)",
                  "product_id": "5Server-Supplementary",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
                "product": {
                  "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_id": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea-demo@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
                "product": {
                  "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_id": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea-devel@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
                "product": {
                  "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_id": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea-src@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
                "product": {
                  "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_id": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea-missioncontrol@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
                "product": {
                  "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_id": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea-jdbc@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
                "product": {
                  "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_id": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea@1.6.0.03-1jpp.2.el5?arch=i686\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
                "product": {
                  "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_id": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea-demo@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
                "product": {
                  "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_id": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea-devel@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
                "product": {
                  "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_id": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea-src@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
                "product": {
                  "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_id": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea-missioncontrol@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
                "product": {
                  "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_id": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea-jdbc@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
                "product": {
                  "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_id": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.6.0-bea@1.6.0.03-1jpp.2.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)",
          "product_id": "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Client-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686"
        },
        "product_reference": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
        "relates_to_product_reference": "5Server-Supplementary"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)",
          "product_id": "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
        },
        "product_reference": "java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
        "relates_to_product_reference": "5Server-Supplementary"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-0628",
      "discovery_date": "2008-01-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "431416"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the \"external general entities\" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "java-1.6.0 default external entity processing",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0628"
        },
        {
          "category": "external",
          "summary": "RHBZ#431416",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431416"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0628",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0628"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0628",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0628"
        }
      ],
      "release_date": "2008-01-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-28T09:22:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0245"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "java-1.6.0 default external entity processing"
    },
    {
      "cve": "CVE-2008-1187",
      "discovery_date": "2008-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "436030"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Untrusted applet and application XSLT processing privilege escalation",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1187"
        },
        {
          "category": "external",
          "summary": "RHBZ#436030",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436030"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1187",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1187"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1187",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1187"
        }
      ],
      "release_date": "2008-03-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-28T09:22:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0245"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Untrusted applet and application XSLT processing privilege escalation"
    },
    {
      "cve": "CVE-2008-1193",
      "discovery_date": "2008-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "436296"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JRE image parsing library allows privilege escalation (CVE-2008-1194)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1193"
        },
        {
          "category": "external",
          "summary": "RHBZ#436296",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1193",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1193"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1193",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1193"
        }
      ],
      "release_date": "2008-03-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-28T09:22:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0245"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "JRE image parsing library allows privilege escalation (CVE-2008-1194)"
    },
    {
      "cve": "CVE-2008-1194",
      "discovery_date": "2008-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "436296"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JRE image parsing library allows privilege escalation (CVE-2008-1194)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
          "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
          "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
          "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1194"
        },
        {
          "category": "external",
          "summary": "RHBZ#436296",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1194",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1194"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1194",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1194"
        }
      ],
      "release_date": "2008-03-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-28T09:22:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
            "5Client-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-demo-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-devel-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-jdbc-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-missioncontrol-1:1.6.0.03-1jpp.2.el5.x86_64",
            "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.i686",
            "5Server-Supplementary:java-1.6.0-bea-src-1:1.6.0.03-1jpp.2.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0245"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "JRE image parsing library allows privilege escalation (CVE-2008-1194)"
    }
  ]
}

CERTA-2008-AVI-216

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités présentes dans BEA JRockit permettent à un utilisateur distant de provoquer un déni de service, d'élever ses privilèges, ou d'exécuter du code arbitraire.

Description

BEA JRockit s'appuie sur la machine virtuelle java de SUN pour fonctionner. A ce titre, les vulnérabilités identifiées dans ce logiciel s'appliquent également à JRockit. Ainsi, il est possible à un utilisateur distant de provoquer un déni de service, d'élever ses privilèges ou d'exécuter du code arbitraire sur le système vulnérable.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

BEA JRockit versions 1.X.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité BEA BEA08-201.00

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eBEA JRockit versions 1.X.\u003c/p\u003e",
  "content": "## Description\n\nBEA JRockit s\u0027appuie sur la machine virtuelle java de SUN pour\nfonctionner. A ce titre, les vuln\u00e9rabilit\u00e9s identifi\u00e9es dans ce logiciel\ns\u0027appliquent \u00e9galement \u00e0 JRockit. Ainsi, il est possible \u00e0 un\nutilisateur distant de provoquer un d\u00e9ni de service, d\u0027\u00e9lever ses\nprivil\u00e8ges ou d\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1193"
    },
    {
      "name": "CVE-2008-0657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0657"
    },
    {
      "name": "CVE-2008-0628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0628"
    },
    {
      "name": "CVE-2008-1187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1187"
    },
    {
      "name": "CVE-2008-1192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1192"
    }
  ],
  "links": [],
  "reference": "CERTA-2008-AVI-216",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans BEA JRockit permettent \u00e0 un\nutilisateur distant de provoquer un d\u00e9ni de service, d\u0027\u00e9lever ses\nprivil\u00e8ges, ou d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans BEA JRockit",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 BEA BEA08-201.00",
      "url": "http://dev2.dev.bea.com/pub/advisory/277"
    }
  ]
}

CERTA-2008-AVI-216

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités présentes dans BEA JRockit permettent à un utilisateur distant de provoquer un déni de service, d'élever ses privilèges, ou d'exécuter du code arbitraire.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

BEA JRockit versions 1.X.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité BEA BEA08-201.00

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eBEA JRockit versions 1.X.\u003c/p\u003e",
  "content": "## Description\n\nBEA JRockit s\u0027appuie sur la machine virtuelle java de SUN pour\nfonctionner. A ce titre, les vuln\u00e9rabilit\u00e9s identifi\u00e9es dans ce logiciel\ns\u0027appliquent \u00e9galement \u00e0 JRockit. Ainsi, il est possible \u00e0 un\nutilisateur distant de provoquer un d\u00e9ni de service, d\u0027\u00e9lever ses\nprivil\u00e8ges ou d\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1193"
    },
    {
      "name": "CVE-2008-0657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0657"
    },
    {
      "name": "CVE-2008-0628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0628"
    },
    {
      "name": "CVE-2008-1187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1187"
    },
    {
      "name": "CVE-2008-1192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1192"
    }
  ],
  "links": [],
  "reference": "CERTA-2008-AVI-216",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans BEA JRockit permettent \u00e0 un\nutilisateur distant de provoquer un d\u00e9ni de service, d\u0027\u00e9lever ses\nprivil\u00e8ges, ou d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans BEA JRockit",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 BEA BEA08-201.00",
      "url": "http://dev2.dev.bea.com/pub/advisory/277"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0628 (GCVE-0-2008-0628)

GSD-2008-0628

GHSA-878M-JP48-9823

FKIE_CVE-2008-0628

RHSA-2008_0245

RHSA-2008:0245

CERTA-2008-AVI-216

Description

Solution

CERTA-2008-AVI-216

Description

Solution

Tags

Sightings

Nomenclature