cve-2008-3111
Vulnerability from cvelistv5
Published
2008-07-09 23:00
Modified
2024-08-07 09:28
Severity ?
Summary
Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.
References
cve@mitre.orghttp://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=122331139823057&w=2
cve@mitre.orghttp://secunia.com/advisories/31010Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/31055Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/31320Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/31497Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/31600Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/31736
cve@mitre.orghttp://secunia.com/advisories/32018Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/32179Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/32180Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/37386Vendor Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200911-02.xml
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1Patch
cve@mitre.orghttp://support.apple.com/kb/HT3178
cve@mitre.orghttp://support.apple.com/kb/HT3179
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2008-0595.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2008-0790.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/494505/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/497041/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/30148
cve@mitre.orghttp://www.securitytracker.com/id?1020452
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA08-193A.htmlUS Government Resource
cve@mitre.orghttp://www.vmware.com/security/advisories/VMSA-2008-0016.html
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/2056/referencesVendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/2740Vendor Advisory
cve@mitre.orghttp://www.zerodayinitiative.com/advisories/ZDI-08-043/
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/43664
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=122331139823057&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31010Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31055Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31320Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31497Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31600Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31736
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32018Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32179Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32180Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37386Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200911-02.xml
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1Patch
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT3178
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT3179
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0595.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0790.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/494505/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/497041/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/30148
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020452
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-193A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2008-0016.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2056/referencesVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2740Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.zerodayinitiative.com/advisories/ZDI-08-043/
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/43664
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:28:40.707Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2008-09-24",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html"
          },
          {
            "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2"
          },
          {
            "name": "31600",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31600"
          },
          {
            "name": "SUSE-SA:2008:042",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html"
          },
          {
            "name": "32018",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32018"
          },
          {
            "name": "GLSA-200911-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
          },
          {
            "name": "32179",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32179"
          },
          {
            "name": "ADV-2008-2740",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2740"
          },
          {
            "name": "31320",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31320"
          },
          {
            "name": "SUSE-SA:2008:043",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html"
          },
          {
            "name": "sun-javawebstart-unspecified-bo(43664)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43664"
          },
          {
            "name": "ADV-2008-2056",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2056/references"
          },
          {
            "name": "238905",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1"
          },
          {
            "name": "31055",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31055"
          },
          {
            "name": "32180",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32180"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html"
          },
          {
            "name": "31736",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31736"
          },
          {
            "name": "oval:org.mitre.oval:def:10541",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3178"
          },
          {
            "name": "1020452",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020452"
          },
          {
            "name": "30148",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30148"
          },
          {
            "name": "31497",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31497"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-043/"
          },
          {
            "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded"
          },
          {
            "name": "20080717 ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/494505/100/0/threaded"
          },
          {
            "name": "SUSE-SA:2008:045",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html"
          },
          {
            "name": "RHSA-2008:0790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html"
          },
          {
            "name": "TA08-193A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html"
          },
          {
            "name": "37386",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37386"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3179"
          },
          {
            "name": "RHSA-2008:0595",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html"
          },
          {
            "name": "31010",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-07-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "APPLE-SA-2008-09-24",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html"
        },
        {
          "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2"
        },
        {
          "name": "31600",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31600"
        },
        {
          "name": "SUSE-SA:2008:042",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html"
        },
        {
          "name": "32018",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32018"
        },
        {
          "name": "GLSA-200911-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
        },
        {
          "name": "32179",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32179"
        },
        {
          "name": "ADV-2008-2740",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2740"
        },
        {
          "name": "31320",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31320"
        },
        {
          "name": "SUSE-SA:2008:043",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html"
        },
        {
          "name": "sun-javawebstart-unspecified-bo(43664)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43664"
        },
        {
          "name": "ADV-2008-2056",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2056/references"
        },
        {
          "name": "238905",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1"
        },
        {
          "name": "31055",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31055"
        },
        {
          "name": "32180",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32180"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html"
        },
        {
          "name": "31736",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31736"
        },
        {
          "name": "oval:org.mitre.oval:def:10541",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3178"
        },
        {
          "name": "1020452",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020452"
        },
        {
          "name": "30148",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30148"
        },
        {
          "name": "31497",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31497"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-043/"
        },
        {
          "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded"
        },
        {
          "name": "20080717 ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/494505/100/0/threaded"
        },
        {
          "name": "SUSE-SA:2008:045",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html"
        },
        {
          "name": "RHSA-2008:0790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html"
        },
        {
          "name": "TA08-193A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html"
        },
        {
          "name": "37386",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37386"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3179"
        },
        {
          "name": "RHSA-2008:0595",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html"
        },
        {
          "name": "31010",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31010"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3111",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2008-09-24",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html"
            },
            {
              "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2"
            },
            {
              "name": "31600",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31600"
            },
            {
              "name": "SUSE-SA:2008:042",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html"
            },
            {
              "name": "32018",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32018"
            },
            {
              "name": "GLSA-200911-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
            },
            {
              "name": "32179",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32179"
            },
            {
              "name": "ADV-2008-2740",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2740"
            },
            {
              "name": "31320",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31320"
            },
            {
              "name": "SUSE-SA:2008:043",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html"
            },
            {
              "name": "sun-javawebstart-unspecified-bo(43664)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43664"
            },
            {
              "name": "ADV-2008-2056",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2056/references"
            },
            {
              "name": "238905",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1"
            },
            {
              "name": "31055",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31055"
            },
            {
              "name": "32180",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32180"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html"
            },
            {
              "name": "31736",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31736"
            },
            {
              "name": "oval:org.mitre.oval:def:10541",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541"
            },
            {
              "name": "http://support.apple.com/kb/HT3178",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3178"
            },
            {
              "name": "1020452",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020452"
            },
            {
              "name": "30148",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30148"
            },
            {
              "name": "31497",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31497"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-043/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-043/"
            },
            {
              "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded"
            },
            {
              "name": "20080717 ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/494505/100/0/threaded"
            },
            {
              "name": "SUSE-SA:2008:045",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html"
            },
            {
              "name": "RHSA-2008:0790",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html"
            },
            {
              "name": "TA08-193A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html"
            },
            {
              "name": "37386",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37386"
            },
            {
              "name": "http://support.apple.com/kb/HT3179",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3179"
            },
            {
              "name": "RHSA-2008:0595",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html"
            },
            {
              "name": "31010",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31010"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3111",
    "datePublished": "2008-07-09T23:00:00",
    "dateReserved": "2008-07-09T00:00:00",
    "dateUpdated": "2024-08-07T09:28:40.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-3111\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-07-09T23:41:00.000\",\"lastModified\":\"2024-11-21T00:48:27.347\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de b\u00fafer en Sun Java Web Start en JDK y JRE versi\u00f3n 6 anterior a la Actualizaci\u00f3n 4, JDK y JRE versi\u00f3n 5.0 anterior a la Actualizaci\u00f3n 16, y SDK y JRE versi\u00f3n 1.4.x anterior a 1.4.2_18, permiten a los atacantes dependiendo del contexto obtener privilegios por medio de una aplicaci\u00f3n no confiable, como se ha demostrado por (a) una aplicaci\u00f3n que otorga privilegios para s\u00ed mismo (1) leer archivos locales, (2) escribir en archivos locales, o (3) ejecutar programas locales; y como lo demuestra por (b) un valor largo asociado con un atributo java-vm-args en una etiqueta j2se en un archivo JNLP, que activa un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en la funci\u00f3n GetVMArgsOption; tambi\u00e9n se conoce como CR 6557220.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BB00A29-FEBB-4139-9E96-691EC1410EFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD8CC179-F76E-4CC2-9CBD-69CBBA5BD532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2DC7389-9697-4EF0-9C4E-153731CDD75D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5F476C8-5466-4E6B-B73B-4ACFBB02AD5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8C7C8C1-AA0D-4BD9-A8EC-85BBE627DE13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAF0844B-ECB1-4AF0-AA32-1B8789AC5042\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EFEB813-B20D-4C8B-922D-0603CB93F72A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"25322D24-C5D9-43A6-87CC-1BF7FA6A3E76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"400FDCDE-16DE-4BD6-81E2-4A5DA12E99CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"82C49C78-ACE3-407D-AE21-EA180633C437\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F91F8A2-D473-48DC-81DA-21291DE7B6E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E46B3B4-9E1C-4C87-A4CD-C4CE7FBCA7F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F69C703-8541-4AA8-A66A-0292E0FCB749\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*\",\"matchCriteriaId\":\"99E08AB2-49AD-42C6-967F-773F2C6E188A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*\",\"matchCriteriaId\":\"9459F130-A3DD-4A4E-9582-4FB82619EB5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C9F6EA8-6A88-4485-89A3-0FDF84AB51DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"67E0818A-3675-4293-89FE-5001E36C0F38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"95112B98-B6B2-43FA-BF76-F518649CF3BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D73559DD-54B4-4DF2-81BC-9109DB29DCCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27A472AF-049D-4D63-841C-1EF737E8D64D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB48B161-C239-4BB5-8667-7ACA5A5437F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83629616-1814-4858-B09F-79BEA82D6F55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03E8F351-F900-436E-A726-55AE31FBF832\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F76B79C6-ADD0-4992-A4BD-423A0AD38714\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBFD41B5-6E33-4B00-81E8-9D91B0A03BD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_07:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"685D3F7F-30B9-4EB8-90FC-66A2A067A510\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D102063B-2434-4141-98E7-2DE501AE1728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03B8CD03-CD31-4F4D-BA90-59435578A4F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41A994BF-1F64-480A-8AA5-748DDD0AB68C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88519F2D-AD06-4F05-BEDA-A09216F1B481\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC728978-368D-4B36-B149-70473E92BD1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD5187B1-CB86-48E8-A595-9FCFD9822C0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C660DE4-543A-4E9B-825D-CD099D08CBD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98C1942E-16C0-4EB2-AB57-43EC6EC9C3A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"318719C9-7B01-4021-B2EF-8341254DFE6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB8FA9BA-51CA-4473-9FE1-9A32FB8C8041\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A2379FC-BC33-4C90-97DD-ED3723172008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*\",\"matchCriteriaId\":\"86A1256D-7A34-4FDD-9536-82FD6497A712\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BB5E47A-8C17-4995-9EF8-01BFA0B702B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*\",\"matchCriteriaId\":\"9300FA38-C234-4BD8-ADB6-D2A29EBA81DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*\",\"matchCriteriaId\":\"C87F6EE3-F66B-4F15-89BA-26A4D3AD2556\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*\",\"matchCriteriaId\":\"56F0F497-6586-408B-80AF-6BC2B9909397\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E022C6E-20DE-4124-9CA3-11400E13A05A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D594E269-D722-45FC-B390-B0D38ADEC923\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CAA89D6-651A-4B8C-A134-C3A2CB84002A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"B930EAFB-F2E6-4FCA-A21B-022656396A2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B20EB5F-D12A-4267-9887-C39A188EB9AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*\",\"matchCriteriaId\":\"52347FDC-9983-4A64-8031-B4A50DDC9BBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*\",\"matchCriteriaId\":\"C95654B3-ACA0-4B0D-9F31-B9C5FB7B9C96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*\",\"matchCriteriaId\":\"8387A041-582A-4010-9C44-672090F41A72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1F2D335-CDDF-4D2E-80CA-F1A0AF92501A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F98D2BD-2AC1-4C4C-8A10-71093DCBC4E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDC09958-5286-4C16-AB6F-63B4BDD902B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDE1E9E9-85EF-4ACA-902B-00225EB4324F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB5DB61B-ED8B-46E6-AF81-8251682D22A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"002CA86D-3090-4C7A-947A-21CB5D1ADD98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6C4CA79-9D0A-4E47-A1A4-9CBEDDCFE05E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF4E34FD-D927-42BB-8A16-031D77CB4B9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37A3D49A-BE20-47BF-A85F-122357BAB098\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F45DB5D3-7F35-4531-9A82-24EB50034787\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4695F707-12E8-4BA4-BBE1-C21CB7213A2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C918FB49-DA13-4326-BE86-6F6BEA4CE4E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5573CAD1-39D1-4ADB-BB95-EBB554B43B4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD02EBDF-6E51-4538-9EDD-B1DE914D09C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53C3C0E3-5F40-412B-A4AD-A7A291DE2A08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36888382-79C8-4C97-A654-C668CD68556F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F34C99E6-F9F0-4EF3-8601-B47EAE3D7273\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A74DD08D-CEDB-460E-BED5-78F6CAF18BF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E60560EC-6DBD-4A17-BFFA-FAD9193A0BC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4F64FBC-DC97-4FE3-A235-18B87945AF7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85048406-9051-4E69-94A8-5C449F3B89E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1C88DD7-0B46-4405-BD35-60D27E2DBA14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08D23B7C-7B8C-41B8-8D94-BB0F27C7F0A8\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31010\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31055\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31320\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31497\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31600\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31736\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/32018\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/32179\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/32180\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37386\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200911-02.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://support.apple.com/kb/HT3178\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT3179\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0595.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0790.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/494505/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/497041/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/30148\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1020452\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-193A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2008-0016.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2056/references\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2740\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-08-043/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43664\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31010\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31055\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31320\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31497\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31600\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/31736\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32018\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/32179\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/32180\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37386\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200911-02.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://support.apple.com/kb/HT3178\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT3179\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0595.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0790.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/494505/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/497041/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/30148\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1020452\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-193A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2008-0016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2056/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2740\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-08-043/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/43664\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.