Action not permitted
Modal body text goes here.
Modal Title
Modal Body
rhsa-2008_0638
Vulnerability from csaf_redhat
Published
2008-08-13 14:19
Modified
2024-11-14 10:06
Summary
Red Hat Security Advisory: Red Hat Network Satellite Server IBM Java Runtime security update
Notes
Topic
Red Hat Network Satellite Server version 5.1.1 is now available. This
update includes fixes for a number of security issues in the Red Hat
Network Satellite Server IBM Java Runtime Environment for IBM S/390 and IBM
System z architectures.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details
This release corrects several security vulnerabilities in the IBM Java
Runtime Environment shipped as part of Red Hat Network Satellite Server 5.1
for IBM S/390 and IBM System z architectures. In a typical operating
environment, these are of low security risk as the runtime is not used on
untrusted applets.
Multiple flaws were fixed in the IBM Java 1.5.0 Runtime Environment.
(CVE-2008-0657, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190,
CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196,
CVE-2008-3104, CVE-2008-3106, CVE-2008-3108, CVE-2008-3111, CVE-2008-3112,
CVE-2008-3113, CVE-2008-3114)
Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to
5.1.1, which resolves these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat Network Satellite Server version 5.1.1 is now available. This\nupdate includes fixes for a number of security issues in the Red Hat\nNetwork Satellite Server IBM Java Runtime Environment for IBM S/390 and IBM\nSystem z architectures.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.", "title": "Topic" }, { "category": "general", "text": "This release corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite Server 5.1\nfor IBM S/390 and IBM System z architectures. In a typical operating\nenvironment, these are of low security risk as the runtime is not used on\nuntrusted applets.\n\nMultiple flaws were fixed in the IBM Java 1.5.0 Runtime Environment.\n(CVE-2008-0657, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190,\nCVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196,\nCVE-2008-3104, CVE-2008-3106, CVE-2008-3108, CVE-2008-3111, CVE-2008-3112,\nCVE-2008-3113, CVE-2008-3114)\n\nUsers of Red Hat Network Satellite Server 5.1 are advised to upgrade to\n5.1.1, which resolves these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2008:0638", "url": "https://access.redhat.com/errata/RHSA-2008:0638" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "431861", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431861" }, { "category": "external", "summary": "436030", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436030" }, { "category": "external", "summary": "436293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436293" }, { "category": "external", "summary": "436295", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436295" }, { "category": "external", "summary": "436296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296" }, { "category": "external", "summary": "436299", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436299" }, { "category": "external", "summary": "436302", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436302" }, { "category": "external", "summary": "452649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452649" }, { "category": "external", "summary": "454601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454601" }, { "category": "external", "summary": "454604", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454604" }, { "category": "external", "summary": "454605", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454605" }, { "category": "external", "summary": "454606", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454606" }, { "category": "external", "summary": "454607", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454607" }, { "category": "external", "summary": "454608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454608" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0638.json" } ], "title": "Red Hat Security Advisory: Red Hat Network Satellite Server IBM Java Runtime security update", "tracking": { "current_release_date": "2024-11-14T10:06:23+00:00", "generator": { "date": "2024-11-14T10:06:23+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2008:0638", "initial_release_date": "2008-08-13T14:19:00+00:00", "revision_history": [ { "date": "2008-08-13T14:19:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2008-08-13T10:19:37+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T10:06:23+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Satellite 5.1 (RHEL v.4 AS)", "product": { "name": "Red Hat Satellite 5.1 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.1::el4" } } } ], "category": "product_family", "name": "Red Hat Satellite" }, { "branches": [ { "category": "product_version", "name": "java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x", "product": { "name": "java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x", "product_id": "java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-ibm-devel@1.5.0.8-1jpp.1.el4?arch=s390x\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "product": { "name": "java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "product_id": "java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-ibm@1.5.0.8-1jpp.1.el4?arch=s390x\u0026epoch=1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "product": { "name": "java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "product_id": "java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-ibm-devel@1.5.0.8-1jpp.1.el4?arch=s390\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "product": { "name": "java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "product_id": "java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-ibm@1.5.0.8-1jpp.1.el4?arch=s390\u0026epoch=1" } } } ], "category": "architecture", "name": "s390" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390" }, "product_reference": "java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "relates_to_product_reference": "4AS-RHNSAT5.1" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x" }, "product_reference": "java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "relates_to_product_reference": "4AS-RHNSAT5.1" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390" }, "product_reference": "java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "relates_to_product_reference": "4AS-RHNSAT5.1" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" }, "product_reference": "java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x", "relates_to_product_reference": "4AS-RHNSAT5.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-0657", "discovery_date": "2008-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "431861" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.", "title": "Vulnerability description" }, { "category": "summary", "text": "java-1.5.0 Privilege escalation via unstrusted applet and application", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-0657" }, { "category": "external", "summary": "RHBZ#431861", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431861" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0657", "url": "https://www.cve.org/CVERecord?id=CVE-2008-0657" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0657", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0657" } ], "release_date": "2008-02-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:19:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0638" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "java-1.5.0 Privilege escalation via unstrusted applet and application" }, { "cve": "CVE-2008-1187", "discovery_date": "2008-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "436030" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.", "title": "Vulnerability description" }, { "category": "summary", "text": "Untrusted applet and application XSLT processing privilege escalation", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1187" }, { "category": "external", "summary": "RHBZ#436030", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436030" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1187", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1187" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1187", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1187" } ], "release_date": "2008-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:19:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0638" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Untrusted applet and application XSLT processing privilege escalation" }, { "cve": "CVE-2008-1188", "discovery_date": "2008-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "436293" } ], "notes": [ { "category": "description", "text": "Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka \"The first two issues.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1188" }, { "category": "external", "summary": "RHBZ#436293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436293" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1188", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1188" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1188", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1188" } ], "release_date": "2008-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:19:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0638" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)" }, { "cve": "CVE-2008-1189", "discovery_date": "2008-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "436293" } ], "notes": [ { "category": "description", "text": "Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the \"third\" issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1189" }, { "category": "external", "summary": "RHBZ#436293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436293" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1189", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1189" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1189", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1189" } ], "release_date": "2008-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:19:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0638" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)" }, { "cve": "CVE-2008-1190", "discovery_date": "2008-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "436293" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the \"fourth\" issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1190" }, { "category": "external", "summary": "RHBZ#436293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436293" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1190", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1190" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1190", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1190" } ], "release_date": "2008-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:19:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0638" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)" }, { "cve": "CVE-2008-1192", "discovery_date": "2008-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "436295" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and \"execute local applications\" via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java Plugin same-origin-policy bypass", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1192" }, { "category": "external", "summary": "RHBZ#436295", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436295" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1192", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1192" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1192", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1192" } ], "release_date": "2008-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:19:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0638" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Java Plugin same-origin-policy bypass" }, { "cve": "CVE-2008-1193", "discovery_date": "2008-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "436296" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.", "title": "Vulnerability description" }, { "category": "summary", "text": "JRE image parsing library allows privilege escalation (CVE-2008-1194)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1193" }, { "category": "external", "summary": "RHBZ#436296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1193", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1193" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1193", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1193" } ], "release_date": "2008-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:19:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0638" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JRE image parsing library allows privilege escalation (CVE-2008-1194)" }, { "cve": "CVE-2008-1194", "discovery_date": "2008-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "436296" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JRE image parsing library allows privilege escalation (CVE-2008-1194)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1194" }, { "category": "external", "summary": "RHBZ#436296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1194", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1194" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1194", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1194" } ], "release_date": "2008-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:19:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0638" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JRE image parsing library allows privilege escalation (CVE-2008-1194)" }, { "cve": "CVE-2008-1195", "discovery_date": "2008-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "436299" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java-API calls in untrusted Javascript allow network privilege escalation", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1195" }, { "category": "external", "summary": "RHBZ#436299", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436299" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1195", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1195" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1195", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1195" } ], "release_date": "2008-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:19:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0638" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Java-API calls in untrusted Javascript allow network privilege escalation" }, { "cve": "CVE-2008-1196", "discovery_date": "2008-03-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "436302" } ], "notes": [ { "category": "description", "text": "Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file.", "title": "Vulnerability description" }, { "category": "summary", "text": "Buffer overflow security vulnerabilities in Java Web Start", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-1196" }, { "category": "external", "summary": "RHBZ#436302", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436302" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1196", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1196" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1196", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1196" } ], "release_date": "2008-03-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:19:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0638" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Buffer overflow security vulnerabilities in Java Web Start" }, { "cve": "CVE-2008-3104", "discovery_date": "2008-07-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "454601" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet\u0027s outbound connections by connecting to localhost services running on the machine that loaded the applet.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java RE allows Same Origin Policy to be Bypassed (6687932)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-3104" }, { "category": "external", "summary": "RHBZ#454601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3104", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3104" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3104", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3104" } ], "release_date": "2008-07-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:19:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0638" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Java RE allows Same Origin Policy to be Bypassed (6687932)" }, { "cve": "CVE-2008-3106", "discovery_date": "2008-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1618330" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105.", "title": "Vulnerability description" }, { "category": "summary", "text": "security flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-3106" }, { "category": "external", "summary": "RHBZ#1618330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3106", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3106" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3106", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3106" } ], "release_date": "2008-07-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:19:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0638" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "security flaw" }, { "cve": "CVE-2008-3108", "discovery_date": "2008-07-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "454604" } ], "notes": [ { "category": "description", "text": "Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing.", "title": "Vulnerability description" }, { "category": "summary", "text": "Security Vulnerability with JRE fonts processing may allow Elevation of Privileges (6450319)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-3108" }, { "category": "external", "summary": "RHBZ#454604", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454604" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3108", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3108" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3108", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3108" } ], "release_date": "2008-07-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:19:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0638" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Security Vulnerability with JRE fonts processing may allow Elevation of Privileges (6450319)" }, { "cve": "CVE-2008-3111", "discovery_date": "2008-07-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "454605" } ], "notes": [ { "category": "description", "text": "Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java Web Start Buffer overflow vulnerabilities (6557220)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-3111" }, { "category": "external", "summary": "RHBZ#454605", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454605" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3111", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3111" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3111", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3111" } ], "release_date": "2008-07-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:19:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0638" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Java Web Start Buffer overflow vulnerabilities (6557220)" }, { "cve": "CVE-2008-3112", "discovery_date": "2008-07-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "454606" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java Web Start, arbitrary file creation (6703909)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-3112" }, { "category": "external", "summary": "RHBZ#454606", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454606" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3112", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3112" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3112", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3112" } ], "release_date": "2008-07-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:19:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0638" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Java Web Start, arbitrary file creation (6703909)" }, { "cve": "CVE-2008-3113", "discovery_date": "2008-07-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "454607" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java Web Start arbitrary file creation/deletion file with user permissions (6704077)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-3113" }, { "category": "external", "summary": "RHBZ#454607", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454607" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3113", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3113" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3113", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3113" } ], "release_date": "2008-07-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:19:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0638" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Java Web Start arbitrary file creation/deletion file with user permissions (6704077)" }, { "cve": "CVE-2008-3114", "discovery_date": "2008-07-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "454608" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java Web Start, untrusted application may determine Cache Location (6704074)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-3114" }, { "category": "external", "summary": "RHBZ#454608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454608" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3114", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3114" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3114", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3114" } ], "release_date": "2008-07-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:19:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390", "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0638" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Java Web Start, untrusted application may determine Cache Location (6704074)" } ] }
cve-2008-1188
Vulnerability from cvelistv5
Published
2008-03-06 21:00
Modified
2024-08-07 08:08
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:08:57.778Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30676" }, { "name": "RHSA-2008:0267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "1019549", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019549" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-009/" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "javawebstart-application-priv-escalation(41029)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41029" }, { "name": "29897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29498" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-0770", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-010/" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "name": "233323", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233323-1" }, { "name": "RHSA-2008:0210", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30780" }, { "name": "ADV-2008-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "javawebstart-multiple-unspecified-bo(41133)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41133" }, { "name": "oval:org.mitre.oval:def:11209", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11209" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "29273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29273" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka \"The first two issues.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30676" }, { "name": "RHSA-2008:0267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "1019549", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019549" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-009/" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "javawebstart-application-priv-escalation(41029)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41029" }, { "name": "29897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29498" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-0770", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-010/" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "name": "233323", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233323-1" }, { "name": "RHSA-2008:0210", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30780" }, { "name": "ADV-2008-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "javawebstart-multiple-unspecified-bo(41133)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41133" }, { "name": "oval:org.mitre.oval:def:11209", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11209" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "29273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29273" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1188", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka \"The first two issues.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30676" }, { "name": "RHSA-2008:0267", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "1019549", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019549" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-009/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-009/" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "javawebstart-application-priv-escalation(41029)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41029" }, { "name": "29897", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29498" }, { "name": "GLSA-200804-28", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-0770", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-010/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-010/" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "233323", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233323-1" }, { "name": "RHSA-2008:0210", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "30780", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30780" }, { "name": "ADV-2008-1856", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "javawebstart-multiple-unspecified-bo(41133)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41133" }, { "name": "oval:org.mitre.oval:def:11209", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11209" }, { "name": "GLSA-200804-20", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "29273", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29273" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1188", "datePublished": "2008-03-06T21:00:00", "dateReserved": "2008-03-06T00:00:00", "dateUpdated": "2024-08-07T08:08:57.778Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-0657
Vulnerability from cvelistv5
Published
2008-02-07 20:00
Modified
2024-08-07 07:54
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:54:23.245Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "30676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30676" }, { "name": "29841", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29841" }, { "name": "oval:org.mitre.oval:def:11505", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11505" }, { "name": "27650", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27650" }, { "name": "29897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29498" }, { "name": "BEA08-201.00", "tags": [ "vendor-advisory", "x_refsource_BEA", "x_transferred" ], "url": "http://dev2dev.bea.com/pub/advisory/277" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29858" }, { "name": "ADV-2008-0429", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0429" }, { "name": "231261", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231261-1" }, { "name": "1019308", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019308" }, { "name": "SUSE-SA:2008:025", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "name": "ADV-2008-1252", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1252" }, { "name": "28795", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28795" }, { "name": "RHSA-2008:0156", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0156.html" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "name": "28888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28888" }, { "name": "RHSA-2008:0210", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30780" }, { "name": "ADV-2008-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "29214", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29214" }, { "name": "RHSA-2008:0123", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0123.html" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "30676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30676" }, { "name": "29841", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29841" }, { "name": "oval:org.mitre.oval:def:11505", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11505" }, { "name": "27650", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27650" }, { "name": "29897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29498" }, { "name": "BEA08-201.00", "tags": [ "vendor-advisory", "x_refsource_BEA" ], "url": "http://dev2dev.bea.com/pub/advisory/277" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29858" }, { "name": "ADV-2008-0429", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0429" }, { "name": "231261", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231261-1" }, { "name": "1019308", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019308" }, { "name": "SUSE-SA:2008:025", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "name": "ADV-2008-1252", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1252" }, { "name": "28795", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28795" }, { "name": "RHSA-2008:0156", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0156.html" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "name": "28888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28888" }, { "name": "RHSA-2008:0210", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30780" }, { "name": "ADV-2008-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "29214", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29214" }, { "name": "RHSA-2008:0123", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0123.html" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0657", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "30676", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30676" }, { "name": "29841", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29841" }, { "name": "oval:org.mitre.oval:def:11505", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11505" }, { "name": "27650", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27650" }, { "name": "29897", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29498" }, { "name": "BEA08-201.00", "refsource": "BEA", "url": "http://dev2dev.bea.com/pub/advisory/277" }, { "name": "GLSA-200804-28", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29858" }, { "name": "ADV-2008-0429", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0429" }, { "name": "231261", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-231261-1" }, { "name": "1019308", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019308" }, { "name": "SUSE-SA:2008:025", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "name": "ADV-2008-1252", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1252" }, { "name": "28795", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28795" }, { "name": "RHSA-2008:0156", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0156.html" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "28888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28888" }, { "name": "RHSA-2008:0210", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "30780", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30780" }, { "name": "ADV-2008-1856", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "29214", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29214" }, { "name": "RHSA-2008:0123", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0123.html" }, { "name": "GLSA-200804-20", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0657", "datePublished": "2008-02-07T20:00:00", "dateReserved": "2008-02-07T00:00:00", "dateUpdated": "2024-08-07T07:54:23.245Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3113
Vulnerability from cvelistv5
Published
2008-07-09 23:00
Modified
2024-08-07 09:28
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:28:41.576Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32826" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "sun-javawebstart-file-manipulation(43667)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43667" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32179" }, { "name": "33194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35065" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30148" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "name": "SUSE-SR:2009:010", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "SUSE-SR:2008:028", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "oval:org.mitre.oval:def:10454", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10454" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32826" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "sun-javawebstart-file-manipulation(43667)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43667" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32179" }, { "name": "33194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35065" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30148" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "name": "SUSE-SR:2009:010", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "SUSE-SR:2008:028", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "oval:org.mitre.oval:def:10454", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10454" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31010" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3113", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32826", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32826" }, { "name": "31600", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "sun-javawebstart-file-manipulation(43667)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43667" }, { "name": "GLSA-200911-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32179" }, { "name": "33194", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "ADV-2008-2056", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32180" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35065" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30148" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "SUSE-SR:2009:010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "SUSE-SR:2008:028", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "TA08-193A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37386" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "oval:org.mitre.oval:def:10454", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10454" }, { "name": "31010", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31010" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3113", "datePublished": "2008-07-09T23:00:00", "dateReserved": "2008-07-09T00:00:00", "dateUpdated": "2024-08-07T09:28:41.576Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3104
Vulnerability from cvelistv5
Published
2008-07-09 23:00
Modified
2024-08-07 09:28
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:28:41.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "sun-jre-unspecified-security-bypass(43662)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43662" }, { "name": "RHSA-2008:1044", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1044.html" }, { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32436" }, { "name": "32826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32826" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31600" }, { "name": "1020459", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020459" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "RHSA-2008:1043", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1043.html" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32179" }, { "name": "238968", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1" }, { "name": "33194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "33237", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33237" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35065" }, { "name": "30140", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30140" }, { "name": "33236", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33236" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "RHSA-2008:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "31269", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31269" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm" }, { "name": "RHSA-2008:1045", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1045.html" }, { "name": "SUSE-SR:2009:010", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "33238", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33238" }, { "name": "SUSE-SR:2008:028", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "oval:org.mitre.oval:def:9565", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9565" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet\u0027s outbound connections by connecting to localhost services running on the machine that loaded the applet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "sun-jre-unspecified-security-bypass(43662)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43662" }, { "name": "RHSA-2008:1044", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1044.html" }, { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32436" }, { "name": "32826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32826" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31600" }, { "name": "1020459", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020459" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "RHSA-2008:1043", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1043.html" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32179" }, { "name": "238968", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1" }, { "name": "33194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "33237", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33237" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35065" }, { "name": "30140", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30140" }, { "name": "33236", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33236" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "RHSA-2008:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "31269", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31269" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm" }, { "name": "RHSA-2008:1045", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1045.html" }, { "name": "SUSE-SR:2009:010", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "33238", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33238" }, { "name": "SUSE-SR:2008:028", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "oval:org.mitre.oval:def:9565", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9565" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31010" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3104", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet\u0027s outbound connections by connecting to localhost services running on the machine that loaded the applet." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "sun-jre-unspecified-security-bypass(43662)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43662" }, { "name": "RHSA-2008:1044", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-1044.html" }, { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32436" }, { "name": "32826", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32826" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm" }, { "name": "31600", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31600" }, { "name": "1020459", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020459" }, { "name": "SUSE-SA:2008:042", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "RHSA-2008:1043", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-1043.html" }, { "name": "GLSA-200911-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32179" }, { "name": "238968", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1" }, { "name": "33194", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "33237", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33237" }, { "name": "ADV-2008-2056", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "31055", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32180" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35065" }, { "name": "30140", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30140" }, { "name": "33236", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33236" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "RHSA-2008:0594", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "31269", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31269" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm" }, { "name": "RHSA-2008:1045", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-1045.html" }, { "name": "SUSE-SR:2009:010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "33238", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33238" }, { "name": "SUSE-SR:2008:028", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37386" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "oval:org.mitre.oval:def:9565", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9565" }, { "name": "31010", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31010" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3104", "datePublished": "2008-07-09T23:00:00", "dateReserved": "2008-07-09T00:00:00", "dateUpdated": "2024-08-07T09:28:41.611Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1187
Vulnerability from cvelistv5
Published
2008-03-06 21:00
Modified
2024-08-07 08:08
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:08:57.846Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "29999", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29999" }, { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30676" }, { "name": "29841", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29841" }, { "name": "RHSA-2008:0267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "RHSA-2008:0245", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html" }, { "name": "RHSA-2008:0243", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0243.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "31586", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31586" }, { "name": "java-virtualmachine-multiple-priv-escalation(41025)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41025" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://download.novell.com/Download?buildid=q5exhSqeBjA~" }, { "name": "JVNDB-2008-000016", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000016.html" }, { "name": "29897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29498" }, { "name": "JVN#04032535", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN04032535/index.html" }, { "name": "BEA08-201.00", "tags": [ "vendor-advisory", "x_refsource_BEA", "x_transferred" ], "url": "http://dev2dev.bea.com/pub/advisory/277" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-1252", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1252" }, { "name": "1019548", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019548" }, { "name": "ADV-2008-0770", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "name": "RHSA-2008:0210", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "31067", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31067" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30780" }, { "name": "RHSA-2008:0244", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0244.html" }, { "name": "ADV-2008-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "30003", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30003" }, { "name": "233322", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233322-1" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0555", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0555.html" }, { "name": "31580", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31580" }, { "name": "oval:org.mitre.oval:def:10278", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10278" }, { "name": "29273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29273" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "29999", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29999" }, { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30676" }, { "name": "29841", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29841" }, { "name": "RHSA-2008:0267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "RHSA-2008:0245", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html" }, { "name": "RHSA-2008:0243", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0243.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "31586", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31586" }, { "name": "java-virtualmachine-multiple-priv-escalation(41025)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41025" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://download.novell.com/Download?buildid=q5exhSqeBjA~" }, { "name": "JVNDB-2008-000016", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000016.html" }, { "name": "29897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29498" }, { "name": "JVN#04032535", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN04032535/index.html" }, { "name": "BEA08-201.00", "tags": [ "vendor-advisory", "x_refsource_BEA" ], "url": "http://dev2dev.bea.com/pub/advisory/277" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-1252", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1252" }, { "name": "1019548", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019548" }, { "name": "ADV-2008-0770", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "name": "RHSA-2008:0210", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "31067", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31067" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30780" }, { "name": "RHSA-2008:0244", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0244.html" }, { "name": "ADV-2008-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "30003", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30003" }, { "name": "233322", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233322-1" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0555", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0555.html" }, { "name": "31580", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31580" }, { "name": "oval:org.mitre.oval:def:10278", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10278" }, { "name": "29273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29273" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1187", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "29999", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29999" }, { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30676" }, { "name": "29841", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29841" }, { "name": "RHSA-2008:0267", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "RHSA-2008:0245", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html" }, { "name": "RHSA-2008:0243", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0243.html" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "31586", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31586" }, { "name": "java-virtualmachine-multiple-priv-escalation(41025)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41025" }, { "name": "http://download.novell.com/Download?buildid=q5exhSqeBjA~", "refsource": "CONFIRM", "url": "http://download.novell.com/Download?buildid=q5exhSqeBjA~" }, { "name": "JVNDB-2008-000016", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000016.html" }, { "name": "29897", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29498" }, { "name": "JVN#04032535", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN04032535/index.html" }, { "name": "BEA08-201.00", "refsource": "BEA", "url": "http://dev2dev.bea.com/pub/advisory/277" }, { "name": "GLSA-200804-28", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-1252", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1252" }, { "name": "1019548", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019548" }, { "name": "ADV-2008-0770", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "RHSA-2008:0210", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "31067", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31067" }, { "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html", "refsource": "CONFIRM", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html" }, { "name": "30780", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30780" }, { "name": "RHSA-2008:0244", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0244.html" }, { "name": "ADV-2008-1856", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "30003", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30003" }, { "name": "233322", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233322-1" }, { "name": "GLSA-200804-20", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0555", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0555.html" }, { "name": "31580", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31580" }, { "name": "oval:org.mitre.oval:def:10278", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10278" }, { "name": "29273", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29273" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1187", "datePublished": "2008-03-06T21:00:00", "dateReserved": "2008-03-06T00:00:00", "dateUpdated": "2024-08-07T08:08:57.846Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1189
Vulnerability from cvelistv5
Published
2008-03-06 21:00
Modified
2024-08-07 08:08
Severity ?
EPSS score ?
Summary
Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:08:57.851Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30676" }, { "name": "RHSA-2008:0267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "1019549", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019549" }, { "name": "javawebstart-unspecified-bo(41135)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41135" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "javawebstart-application-priv-escalation(41029)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41029" }, { "name": "29897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29498" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-0770", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "name": "233323", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233323-1" }, { "name": "RHSA-2008:0210", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30780" }, { "name": "ADV-2008-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "javawebstart-multiple-unspecified-bo(41133)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41133" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "oval:org.mitre.oval:def:9582", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9582" }, { "name": "RHSA-2008:0186", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "29273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29273" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the \"third\" issue." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30676" }, { "name": "RHSA-2008:0267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "1019549", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019549" }, { "name": "javawebstart-unspecified-bo(41135)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41135" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "javawebstart-application-priv-escalation(41029)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41029" }, { "name": "29897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29498" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-0770", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "name": "233323", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233323-1" }, { "name": "RHSA-2008:0210", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30780" }, { "name": "ADV-2008-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "javawebstart-multiple-unspecified-bo(41133)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41133" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "oval:org.mitre.oval:def:9582", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9582" }, { "name": "RHSA-2008:0186", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "29273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29273" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1189", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the \"third\" issue." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30676" }, { "name": "RHSA-2008:0267", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "1019549", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019549" }, { "name": "javawebstart-unspecified-bo(41135)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41135" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "javawebstart-application-priv-escalation(41029)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41029" }, { "name": "29897", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29498" }, { "name": "GLSA-200804-28", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-0770", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "233323", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233323-1" }, { "name": "RHSA-2008:0210", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "30780", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30780" }, { "name": "ADV-2008-1856", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "javawebstart-multiple-unspecified-bo(41133)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41133" }, { "name": "GLSA-200804-20", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "oval:org.mitre.oval:def:9582", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9582" }, { "name": "RHSA-2008:0186", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "29273", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29273" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1189", "datePublished": "2008-03-06T21:00:00", "dateReserved": "2008-03-06T00:00:00", "dateUpdated": "2024-08-07T08:08:57.851Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1192
Vulnerability from cvelistv5
Published
2008-03-06 21:00
Modified
2024-08-07 08:08
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:08:57.705Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "233324", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233324-1" }, { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30676" }, { "name": "29841", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29841" }, { "name": "RHSA-2008:0267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "oval:org.mitre.oval:def:11813", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11813" }, { "name": "java-plugin-unspecified-security-bypass(41031)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41031" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "29897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29498" }, { "name": "BEA08-201.00", "tags": [ "vendor-advisory", "x_refsource_BEA", "x_transferred" ], "url": "http://dev2dev.bea.com/pub/advisory/277" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-1252", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1252" }, { "name": "ADV-2008-0770", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "name": "RHSA-2008:0210", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30780" }, { "name": "1019550", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019550" }, { "name": "ADV-2008-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "29273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29273" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and \"execute local applications\" via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "233324", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233324-1" }, { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30676" }, { "name": "29841", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29841" }, { "name": "RHSA-2008:0267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "oval:org.mitre.oval:def:11813", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11813" }, { "name": "java-plugin-unspecified-security-bypass(41031)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41031" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "29897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29498" }, { "name": "BEA08-201.00", "tags": [ "vendor-advisory", "x_refsource_BEA" ], "url": "http://dev2dev.bea.com/pub/advisory/277" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-1252", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1252" }, { "name": "ADV-2008-0770", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "name": "RHSA-2008:0210", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30780" }, { "name": "1019550", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019550" }, { "name": "ADV-2008-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "29273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29273" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1192", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and \"execute local applications\" via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "233324", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233324-1" }, { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30676" }, { "name": "29841", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29841" }, { "name": "RHSA-2008:0267", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "oval:org.mitre.oval:def:11813", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11813" }, { "name": "java-plugin-unspecified-security-bypass(41031)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41031" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "29897", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29498" }, { "name": "BEA08-201.00", "refsource": "BEA", "url": "http://dev2dev.bea.com/pub/advisory/277" }, { "name": "GLSA-200804-28", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-1252", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1252" }, { "name": "ADV-2008-0770", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "RHSA-2008:0210", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "30780", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30780" }, { "name": "1019550", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019550" }, { "name": "ADV-2008-1856", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "GLSA-200804-20", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "29273", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29273" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1192", "datePublished": "2008-03-06T21:00:00", "dateReserved": "2008-03-06T00:00:00", "dateUpdated": "2024-08-07T08:08:57.705Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1193
Vulnerability from cvelistv5
Published
2008-03-06 21:00
Modified
2024-08-07 08:08
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:08:57.821Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30676" }, { "name": "29841", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29841" }, { "name": "sun-jre-imagelibrary-privilege-escalation(41028)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41028" }, { "name": "RHSA-2008:0267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "1019551", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019551" }, { "name": "233325", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233325-1" }, { "name": "RHSA-2008:0245", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "29897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29498" }, { "name": "BEA08-201.00", "tags": [ "vendor-advisory", "x_refsource_BEA", "x_transferred" ], "url": "http://dev2dev.bea.com/pub/advisory/277" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-1252", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1252" }, { "name": "ADV-2008-0770", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "name": "RHSA-2008:0210", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "28125", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28125" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30780" }, { "name": "RHSA-2008:0244", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0244.html" }, { "name": "ADV-2008-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "30003", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30003" }, { "name": "oval:org.mitre.oval:def:11409", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11409" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "29273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29273" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30676" }, { "name": "29841", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29841" }, { "name": "sun-jre-imagelibrary-privilege-escalation(41028)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41028" }, { "name": "RHSA-2008:0267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "1019551", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019551" }, { "name": "233325", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233325-1" }, { "name": "RHSA-2008:0245", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "29897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29498" }, { "name": "BEA08-201.00", "tags": [ "vendor-advisory", "x_refsource_BEA" ], "url": "http://dev2dev.bea.com/pub/advisory/277" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-1252", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1252" }, { "name": "ADV-2008-0770", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "name": "RHSA-2008:0210", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "28125", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28125" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30780" }, { "name": "RHSA-2008:0244", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0244.html" }, { "name": "ADV-2008-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "30003", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30003" }, { "name": "oval:org.mitre.oval:def:11409", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11409" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "29273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29273" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1193", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30676" }, { "name": "29841", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29841" }, { "name": "sun-jre-imagelibrary-privilege-escalation(41028)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41028" }, { "name": "RHSA-2008:0267", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "1019551", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019551" }, { "name": "233325", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233325-1" }, { "name": "RHSA-2008:0245", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "29897", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29498" }, { "name": "BEA08-201.00", "refsource": "BEA", "url": "http://dev2dev.bea.com/pub/advisory/277" }, { "name": "GLSA-200804-28", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-1252", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1252" }, { "name": "ADV-2008-0770", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "RHSA-2008:0210", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "28125", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28125" }, { "name": "30780", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30780" }, { "name": "RHSA-2008:0244", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0244.html" }, { "name": "ADV-2008-1856", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "30003", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30003" }, { "name": "oval:org.mitre.oval:def:11409", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11409" }, { "name": "GLSA-200804-20", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "29273", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29273" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1193", "datePublished": "2008-03-06T21:00:00", "dateReserved": "2008-03-06T00:00:00", "dateUpdated": "2024-08-07T08:08:57.821Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1196
Vulnerability from cvelistv5
Published
2008-03-06 21:00
Modified
2024-08-07 08:08
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:08:57.987Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30676" }, { "name": "RHSA-2008:0267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "VU#223028", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/223028" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "31586", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31586" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://download.novell.com/Download?buildid=q5exhSqeBjA~" }, { "name": "29897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29498" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29582" }, { "name": "sun-java-webstart-javaws-bo(41026)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41026" }, { "name": "ADV-2008-0770", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "oval:org.mitre.oval:def:10412", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10412" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "name": "233327", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233327-1" }, { "name": "RHSA-2008:0210", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "31067", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31067" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30780" }, { "name": "ADV-2008-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "1019552", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019552" }, { "name": "RHSA-2008:0186", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0555", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0555.html" }, { "name": "31580", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31580" }, { "name": "29273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29273" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30676" }, { "name": "RHSA-2008:0267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "VU#223028", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/223028" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "31586", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31586" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://download.novell.com/Download?buildid=q5exhSqeBjA~" }, { "name": "29897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29498" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29582" }, { "name": "sun-java-webstart-javaws-bo(41026)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41026" }, { "name": "ADV-2008-0770", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "oval:org.mitre.oval:def:10412", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10412" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "name": "233327", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233327-1" }, { "name": "RHSA-2008:0210", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "31067", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31067" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30780" }, { "name": "ADV-2008-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "1019552", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019552" }, { "name": "RHSA-2008:0186", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0555", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0555.html" }, { "name": "31580", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31580" }, { "name": "29273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29273" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1196", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30676" }, { "name": "RHSA-2008:0267", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "VU#223028", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/223028" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "31586", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31586" }, { "name": "http://download.novell.com/Download?buildid=q5exhSqeBjA~", "refsource": "CONFIRM", "url": "http://download.novell.com/Download?buildid=q5exhSqeBjA~" }, { "name": "29897", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29498" }, { "name": "GLSA-200804-28", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29582" }, { "name": "sun-java-webstart-javaws-bo(41026)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41026" }, { "name": "ADV-2008-0770", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "oval:org.mitre.oval:def:10412", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10412" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "233327", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233327-1" }, { "name": "RHSA-2008:0210", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "31067", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31067" }, { "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html", "refsource": "CONFIRM", "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html" }, { "name": "30780", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30780" }, { "name": "ADV-2008-1856", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "GLSA-200804-20", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "1019552", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019552" }, { "name": "RHSA-2008:0186", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0555", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0555.html" }, { "name": "31580", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31580" }, { "name": "29273", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29273" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1196", "datePublished": "2008-03-06T21:00:00", "dateReserved": "2008-03-06T00:00:00", "dateUpdated": "2024-08-07T08:08:57.987Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3112
Vulnerability from cvelistv5
Published
2008-07-09 23:00
Modified
2024-08-07 09:28
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:28:41.118Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32436" }, { "name": "32826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32826" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32179" }, { "name": "33194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-042/" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35065" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30148" }, { "name": "RHSA-2008:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "sun-javawebstart-file-create(43666)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43666" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "name": "SUSE-SR:2009:010", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "oval:org.mitre.oval:def:11102", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11102" }, { "name": "SUSE-SR:2008:028", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32436" }, { "name": "32826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32826" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32179" }, { "name": "33194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-042/" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35065" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30148" }, { "name": "RHSA-2008:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "sun-javawebstart-file-create(43666)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43666" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "name": "SUSE-SR:2009:010", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "oval:org.mitre.oval:def:11102", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11102" }, { "name": "SUSE-SR:2008:028", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31010" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3112", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32436" }, { "name": "32826", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32826" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "name": "31600", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32179" }, { "name": "33194", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-042/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-042/" }, { "name": "ADV-2008-2056", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32180" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35065" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30148" }, { "name": "RHSA-2008:0594", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "sun-javawebstart-file-create(43666)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43666" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "SUSE-SR:2009:010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "oval:org.mitre.oval:def:11102", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11102" }, { "name": "SUSE-SR:2008:028", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37386" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "31010", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31010" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3112", "datePublished": "2008-07-09T23:00:00", "dateReserved": "2008-07-09T00:00:00", "dateUpdated": "2024-08-07T09:28:41.118Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3114
Vulnerability from cvelistv5
Published
2008-07-09 23:00
Modified
2024-08-07 09:28
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:28:41.695Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32436" }, { "name": "32826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32826" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32179" }, { "name": "33194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35065" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30148" }, { "name": "RHSA-2008:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "name": "SUSE-SR:2009:010", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "SUSE-SR:2008:028", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "sun-javawebstart-cache-info-disclosure(43668)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43668" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "oval:org.mitre.oval:def:9755", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9755" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32436" }, { "name": "32826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32826" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32179" }, { "name": "33194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35065" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30148" }, { "name": "RHSA-2008:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "name": "SUSE-SR:2009:010", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "SUSE-SR:2008:028", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "sun-javawebstart-cache-info-disclosure(43668)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43668" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "oval:org.mitre.oval:def:9755", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9755" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31010" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3114", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32436" }, { "name": "32826", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32826" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "name": "31600", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32179" }, { "name": "33194", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "ADV-2008-2056", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32180" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35065" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30148" }, { "name": "RHSA-2008:0594", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "SUSE-SR:2009:010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "SUSE-SR:2008:028", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "sun-javawebstart-cache-info-disclosure(43668)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43668" }, { "name": "SUSE-SA:2008:045", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37386" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "oval:org.mitre.oval:def:9755", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9755" }, { "name": "31010", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31010" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3114", "datePublished": "2008-07-09T23:00:00", "dateReserved": "2008-07-09T00:00:00", "dateUpdated": "2024-08-07T09:28:41.695Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1190
Vulnerability from cvelistv5
Published
2008-03-06 21:00
Modified
2024-08-07 08:08
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:08:57.837Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30676" }, { "name": "RHSA-2008:0267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "1019549", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019549" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "javawebstart-application-priv-escalation(41029)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41029" }, { "name": "29897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29498" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-0770", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "oval:org.mitre.oval:def:9914", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9914" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "name": "233323", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233323-1" }, { "name": "RHSA-2008:0210", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30780" }, { "name": "ADV-2008-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "29273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29273" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the \"fourth\" issue." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30676" }, { "name": "RHSA-2008:0267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "1019549", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019549" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "javawebstart-application-priv-escalation(41029)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41029" }, { "name": "29897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29498" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-0770", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "oval:org.mitre.oval:def:9914", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9914" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "name": "233323", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233323-1" }, { "name": "RHSA-2008:0210", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30780" }, { "name": "ADV-2008-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "29273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29273" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1190", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the \"fourth\" issue." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30676" }, { "name": "RHSA-2008:0267", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "1019549", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019549" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "javawebstart-application-priv-escalation(41029)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41029" }, { "name": "29897", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29498" }, { "name": "GLSA-200804-28", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-0770", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "oval:org.mitre.oval:def:9914", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9914" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "233323", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233323-1" }, { "name": "RHSA-2008:0210", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "30780", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30780" }, { "name": "ADV-2008-1856", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "GLSA-200804-20", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "29273", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29273" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1190", "datePublished": "2008-03-06T21:00:00", "dateReserved": "2008-03-06T00:00:00", "dateUpdated": "2024-08-07T08:08:57.837Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3106
Vulnerability from cvelistv5
Published
2008-07-09 23:00
Modified
2024-08-07 09:28
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:28:40.482Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2008:1044", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1044.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "oval:org.mitre.oval:def:10866", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10866" }, { "name": "32436", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32436" }, { "name": "1020457", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020457" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32179" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=756717" }, { "name": "33237", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33237" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31736" }, { "name": "30143", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30143" }, { "name": "RHSA-2008:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=751014" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm" }, { "name": "238628", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1" }, { "name": "RHSA-2008:1045", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1045.html" }, { "name": "33238", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33238" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-299.htm" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "sun-jre-xml-unauth-access(43658)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43658" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2008:1044", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1044.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "oval:org.mitre.oval:def:10866", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10866" }, { "name": "32436", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32436" }, { "name": "1020457", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020457" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32179" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=756717" }, { "name": "33237", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33237" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31736" }, { "name": "30143", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30143" }, { "name": "RHSA-2008:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=751014" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm" }, { "name": "238628", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1" }, { "name": "RHSA-2008:1045", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1045.html" }, { "name": "33238", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33238" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-299.htm" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "sun-jre-xml-unauth-access(43658)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43658" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31010" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3106", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2008:1044", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-1044.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "oval:org.mitre.oval:def:10866", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10866" }, { "name": "32436", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32436" }, { "name": "1020457", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020457" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm" }, { "name": "31600", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32179" }, { "name": "ADV-2008-2740", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html" }, { "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=756717", "refsource": "CONFIRM", "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=756717" }, { "name": "33237", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33237" }, { "name": "ADV-2008-2056", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "32180", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32180" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31736" }, { "name": "30143", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30143" }, { "name": "RHSA-2008:0594", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=751014", "refsource": "CONFIRM", "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=751014" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm" }, { "name": "238628", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1" }, { "name": "RHSA-2008:1045", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-1045.html" }, { "name": "33238", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33238" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-299.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-299.htm" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37386" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "sun-jre-xml-unauth-access(43658)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43658" }, { "name": "31010", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31010" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3106", "datePublished": "2008-07-09T23:00:00", "dateReserved": "2008-07-09T00:00:00", "dateUpdated": "2024-08-07T09:28:40.482Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3111
Vulnerability from cvelistv5
Published
2008-07-09 23:00
Modified
2024-08-07 09:28
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:28:40.707Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32179" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "sun-javawebstart-unspecified-bo(43664)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43664" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31736" }, { "name": "oval:org.mitre.oval:def:10541", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30148" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-043/" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "20080717 ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/494505/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32179" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "sun-javawebstart-unspecified-bo(43664)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43664" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31736" }, { "name": "oval:org.mitre.oval:def:10541", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30148" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-043/" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "20080717 ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/494505/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31010" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3111", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "31600", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32179" }, { "name": "ADV-2008-2740", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "sun-javawebstart-unspecified-bo(43664)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43664" }, { "name": "ADV-2008-2056", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32180" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31736" }, { "name": "oval:org.mitre.oval:def:10541", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30148" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-043/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-043/" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "20080717 ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/494505/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "TA08-193A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37386" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "31010", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31010" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3111", "datePublished": "2008-07-09T23:00:00", "dateReserved": "2008-07-09T00:00:00", "dateUpdated": "2024-08-07T09:28:40.707Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1195
Vulnerability from cvelistv5
Published
2008-03-06 21:00
Modified
2024-08-07 08:08
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:08:57.886Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20080327 rPSA-2008-0128-1 firefox", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/490196/100/0/threaded" }, { "name": "29541", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29541" }, { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30676" }, { "name": "RHSA-2008:0267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "30620", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30620" }, { "name": "29560", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29560" }, { "name": "SUSE-SA:2008:018", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "233326", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233326-1" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "238492", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1" }, { "name": "29897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29498" }, { "name": "USN-592-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-592-1" }, { "name": "oval:org.mitre.oval:def:9486", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9486" }, { "name": "sun-jre-javascript-unauthorized-access(41030)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41030" }, { "name": "29645", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29645" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "ADV-2008-1793", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1793/references" }, { "name": "SUSE-SA:2008:025", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-0770", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "29526", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29526" }, { "name": "SUSE-SA:2008:019", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-18.html" }, { "name": "RHSA-2008:0210", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "TA08-087A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-087A.html" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30780" }, { "name": "ADV-2008-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "29547", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29547" }, { "name": "1019553", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019553" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "ADV-2008-0998", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0998/references" }, { "name": "29273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29273" }, { "name": "MDVSA-2008:080", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:080" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20080327 rPSA-2008-0128-1 firefox", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/490196/100/0/threaded" }, { "name": "29541", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29541" }, { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30676" }, { "name": "RHSA-2008:0267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "30620", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30620" }, { "name": "29560", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29560" }, { "name": "SUSE-SA:2008:018", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "233326", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233326-1" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "238492", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1" }, { "name": "29897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29498" }, { "name": "USN-592-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-592-1" }, { "name": "oval:org.mitre.oval:def:9486", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9486" }, { "name": "sun-jre-javascript-unauthorized-access(41030)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41030" }, { "name": "29645", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29645" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "ADV-2008-1793", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1793/references" }, { "name": "SUSE-SA:2008:025", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-0770", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "29526", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29526" }, { "name": "SUSE-SA:2008:019", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-18.html" }, { "name": "RHSA-2008:0210", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "TA08-087A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-087A.html" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30780" }, { "name": "ADV-2008-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "29547", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29547" }, { "name": "1019553", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019553" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "ADV-2008-0998", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0998/references" }, { "name": "29273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29273" }, { "name": "MDVSA-2008:080", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:080" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1195", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20080327 rPSA-2008-0128-1 firefox", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/490196/100/0/threaded" }, { "name": "29541", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29541" }, { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30676" }, { "name": "RHSA-2008:0267", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "30620", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30620" }, { "name": "29560", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29560" }, { "name": "SUSE-SA:2008:018", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "233326", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233326-1" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "238492", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1" }, { "name": "29897", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29498" }, { "name": "USN-592-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-592-1" }, { "name": "oval:org.mitre.oval:def:9486", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9486" }, { "name": "sun-jre-javascript-unauthorized-access(41030)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41030" }, { "name": "29645", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29645" }, { "name": "GLSA-200804-28", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "ADV-2008-1793", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1793/references" }, { "name": "SUSE-SA:2008:025", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-0770", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "29526", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29526" }, { "name": "SUSE-SA:2008:019", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-18.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-18.html" }, { "name": "RHSA-2008:0210", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "TA08-087A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-087A.html" }, { "name": "30780", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30780" }, { "name": "ADV-2008-1856", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "29547", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29547" }, { "name": "1019553", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019553" }, { "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128" }, { "name": "GLSA-200804-20", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "ADV-2008-0998", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0998/references" }, { "name": "29273", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29273" }, { "name": "MDVSA-2008:080", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:080" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1195", "datePublished": "2008-03-06T21:00:00", "dateReserved": "2008-03-06T00:00:00", "dateUpdated": "2024-08-07T08:08:57.886Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1194
Vulnerability from cvelistv5
Published
2008-03-06 21:00
Modified
2024-08-07 08:08
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:08:57.703Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30676" }, { "name": "RHSA-2008:0267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "1019551", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019551" }, { "name": "233325", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233325-1" }, { "name": "RHSA-2008:0245", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "29897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29498" }, { "name": "BEA08-201.00", "tags": [ "vendor-advisory", "x_refsource_BEA", "x_transferred" ], "url": "http://dev2dev.bea.com/pub/advisory/277" }, { "name": "sun-jre-jdk-colorlibrary-dos(41132)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41132" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-1252", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1252" }, { "name": "ADV-2008-0770", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "name": "RHSA-2008:0210", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30780" }, { "name": "RHSA-2008:0244", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0244.html" }, { "name": "ADV-2008-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "30003", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30003" }, { "name": "oval:org.mitre.oval:def:9542", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9542" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "29273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29273" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30676" }, { "name": "RHSA-2008:0267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "1019551", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019551" }, { "name": "233325", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233325-1" }, { "name": "RHSA-2008:0245", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "29897", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29498" }, { "name": "BEA08-201.00", "tags": [ "vendor-advisory", "x_refsource_BEA" ], "url": "http://dev2dev.bea.com/pub/advisory/277" }, { "name": "sun-jre-jdk-colorlibrary-dos(41132)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41132" }, { "name": "GLSA-200804-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-1252", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1252" }, { "name": "ADV-2008-0770", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "name": "RHSA-2008:0210", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "30780", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30780" }, { "name": "RHSA-2008:0244", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0244.html" }, { "name": "ADV-2008-1856", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "30003", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30003" }, { "name": "oval:org.mitre.oval:def:9542", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9542" }, { "name": "GLSA-200804-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "29273", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29273" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1194", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "30676", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30676" }, { "name": "RHSA-2008:0267", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html" }, { "name": "SUSE-SA:2008:018", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html" }, { "name": "1019551", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019551" }, { "name": "233325", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233325-1" }, { "name": "RHSA-2008:0245", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0245.html" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "29897", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29897" }, { "name": "29498", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29498" }, { "name": "BEA08-201.00", "refsource": "BEA", "url": "http://dev2dev.bea.com/pub/advisory/277" }, { "name": "sun-jre-jdk-colorlibrary-dos(41132)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41132" }, { "name": "GLSA-200804-28", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml" }, { "name": "29239", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29239" }, { "name": "29858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29858" }, { "name": "TA08-066A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html" }, { "name": "SUSE-SA:2008:025", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "29582", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29582" }, { "name": "ADV-2008-1252", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1252" }, { "name": "ADV-2008-0770", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0770/references" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "RHSA-2008:0210", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html" }, { "name": "30780", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30780" }, { "name": "RHSA-2008:0244", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0244.html" }, { "name": "ADV-2008-1856", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1856/references" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html" }, { "name": "30003", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30003" }, { "name": "oval:org.mitre.oval:def:9542", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9542" }, { "name": "GLSA-200804-20", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml" }, { "name": "GLSA-200806-11", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml" }, { "name": "RHSA-2008:0186", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "29273", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29273" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1194", "datePublished": "2008-03-06T21:00:00", "dateReserved": "2008-03-06T00:00:00", "dateUpdated": "2024-08-07T08:08:57.703Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3108
Vulnerability from cvelistv5
Published
2008-07-09 23:00
Modified
2024-08-07 09:28
Severity ?
EPSS score ?
Summary
Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:28:40.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2008:1044", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1044.html" }, { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "RHSA-2008:1043", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1043.html" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32179" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=756717" }, { "name": "33237", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33237" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "30147", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30147" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31736" }, { "name": "33236", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33236" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020461", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020461" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=751014" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "name": "sun-jre-font-bo(43656)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43656" }, { "name": "238666", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238666-1" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-300.htm" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2008:1044", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1044.html" }, { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "RHSA-2008:1043", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1043.html" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32179" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=756717" }, { "name": "33237", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33237" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "30147", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30147" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31736" }, { "name": "33236", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33236" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020461", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020461" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=751014" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "name": "sun-jre-font-bo(43656)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43656" }, { "name": "238666", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238666-1" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-300.htm" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31010" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3108", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2008:1044", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-1044.html" }, { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm" }, { "name": "31600", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "RHSA-2008:1043", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-1043.html" }, { "name": "GLSA-200911-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32179" }, { "name": "ADV-2008-2740", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=756717", "refsource": "CONFIRM", "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=756717" }, { "name": "33237", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33237" }, { "name": "ADV-2008-2056", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "30147", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30147" }, { "name": "32180", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32180" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31736" }, { "name": "33236", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33236" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020461", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020461" }, { "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=751014", "refsource": "CONFIRM", "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026id=751014" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "sun-jre-font-bo(43656)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43656" }, { "name": "238666", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238666-1" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-300.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-300.htm" }, { "name": "SUSE-SA:2008:045", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "TA08-193A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37386" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "31010", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31010" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3108", "datePublished": "2008-07-09T23:00:00", "dateReserved": "2008-07-09T00:00:00", "dateUpdated": "2024-08-07T09:28:40.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.