ID CVE-2008-3103
Summary Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 11-10-2018 - 20:45)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2010-09-06T04:06:50.282-04:00
class vulnerability
contributors
name Aharon Chernin
organization SCAP.com, LLC
description Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors.
family unix
id oval:org.mitre.oval:def:10920
status accepted
submitted 2010-07-09T03:56:16-04:00
title Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors.
version 6
redhat via4
advisories
  • rhsa
    id RHSA-2008:0594
  • rhsa
    id RHSA-2008:0595
  • rhsa
    id RHSA-2008:0891
  • rhsa
    id RHSA-2008:0906
  • rhsa
    id RHSA-2008:1044
  • rhsa
    id RHSA-2008:1045
  • rhsa
    id RHSA-2009:0466
refmap via4
apple APPLE-SA-2008-09-24
bid 30146
bugtraq
  • 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and
  • 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
cert TA08-193A
confirm
gentoo GLSA-200911-02
sectrack 1020458
secunia
  • 31010
  • 31055
  • 31497
  • 31600
  • 32018
  • 32179
  • 32180
  • 32394
  • 32436
  • 32437
  • 33237
  • 33238
  • 34972
  • 37386
sunalert 238965
suse
  • SUSE-SA:2008:042
  • SUSE-SR:2008:022
vupen
  • ADV-2008-2056
  • ADV-2008-2740
xf sun-jmx-security-bypass(43669)
Last major update 11-10-2018 - 20:45
Published 09-07-2008 - 23:41
Back to Top