ID CVE-2008-5349
Summary Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.
References
Vulnerable Configurations
  • cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*
CVSS
Base: 7.1 (as of 11-10-2018 - 20:54)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:C
oval via4
accepted 2010-01-11T04:01:30.075-05:00
class vulnerability
contributors
name Michael Wood
organization Hewlett-Packard
definition_extensions
comment VMware ESX Server 3.5.0 is installed
oval oval:org.mitre.oval:def:5887
description Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.
family unix
id oval:org.mitre.oval:def:5843
status accepted
submitted 2009-09-23T15:39:02.000-04:00
title Sun Java Runtime Environment RSA Public Key Processing Bug Lets Remote Users Deny Service
version 4
redhat via4
advisories
  • rhsa
    id RHSA-2008:1018
  • rhsa
    id RHSA-2008:1025
  • rhsa
    id RHSA-2009:0016
  • rhsa
    id RHSA-2009:0466
rpms
  • java-1.6.0-sun-1:1.6.0.11-1jpp.1.el4
  • java-1.6.0-sun-1:1.6.0.11-1jpp.1.el5
  • java-1.6.0-sun-demo-1:1.6.0.11-1jpp.1.el4
  • java-1.6.0-sun-demo-1:1.6.0.11-1jpp.1.el5
  • java-1.6.0-sun-devel-1:1.6.0.11-1jpp.1.el4
  • java-1.6.0-sun-devel-1:1.6.0.11-1jpp.1.el5
  • java-1.6.0-sun-jdbc-1:1.6.0.11-1jpp.1.el4
  • java-1.6.0-sun-jdbc-1:1.6.0.11-1jpp.1.el5
  • java-1.6.0-sun-plugin-1:1.6.0.11-1jpp.1.el4
  • java-1.6.0-sun-plugin-1:1.6.0.11-1jpp.1.el5
  • java-1.6.0-sun-src-1:1.6.0.11-1jpp.1.el4
  • java-1.6.0-sun-src-1:1.6.0.11-1jpp.1.el5
  • java-1.5.0-sun-0:1.5.0.17-1jpp.2.el4
  • java-1.5.0-sun-0:1.5.0.17-1jpp.2.el5
  • java-1.5.0-sun-demo-0:1.5.0.17-1jpp.2.el4
  • java-1.5.0-sun-demo-0:1.5.0.17-1jpp.2.el5
  • java-1.5.0-sun-devel-0:1.5.0.17-1jpp.2.el4
  • java-1.5.0-sun-devel-0:1.5.0.17-1jpp.2.el5
  • java-1.5.0-sun-jdbc-0:1.5.0.17-1jpp.2.el4
  • java-1.5.0-sun-jdbc-0:1.5.0.17-1jpp.2.el5
  • java-1.5.0-sun-plugin-0:1.5.0.17-1jpp.2.el4
  • java-1.5.0-sun-plugin-0:1.5.0.17-1jpp.2.el5
  • java-1.5.0-sun-src-0:1.5.0.17-1jpp.2.el4
  • java-1.5.0-sun-src-0:1.5.0.17-1jpp.2.el5
  • java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5
  • java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4
  • java-1.5.0-ibm-accessibility-1:1.5.0.9-1jpp.2.el5
  • java-1.5.0-ibm-demo-1:1.5.0.9-1jpp.2.el5
  • java-1.5.0-ibm-demo-1:1.5.0.9-1jpp.4.el4
  • java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5
  • java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4
  • java-1.5.0-ibm-javacomm-1:1.5.0.9-1jpp.2.el5
  • java-1.5.0-ibm-javacomm-1:1.5.0.9-1jpp.4.el4
  • java-1.5.0-ibm-jdbc-1:1.5.0.9-1jpp.2.el5
  • java-1.5.0-ibm-jdbc-1:1.5.0.9-1jpp.4.el4
  • java-1.5.0-ibm-plugin-1:1.5.0.9-1jpp.2.el5
  • java-1.5.0-ibm-plugin-1:1.5.0.9-1jpp.4.el4
  • java-1.5.0-ibm-src-1:1.5.0.9-1jpp.2.el5
  • java-1.5.0-ibm-src-1:1.5.0.9-1jpp.4.el4
  • java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5
  • java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4
  • java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5
  • java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4
  • java-1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el3
  • java-1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el4
  • java-1.4.2-ibm-0:1.4.2.13.1-1jpp.1.el5
  • java-1.4.2-ibm-demo-0:1.4.2.13.1-1jpp.1.el3
  • java-1.4.2-ibm-demo-0:1.4.2.13.1-1jpp.1.el4
  • java-1.4.2-ibm-demo-0:1.4.2.13.1-1jpp.1.el5
  • java-1.4.2-ibm-devel-0:1.4.2.13.1-1jpp.1.el3
  • java-1.4.2-ibm-devel-0:1.4.2.13.1-1jpp.1.el4
  • java-1.4.2-ibm-devel-0:1.4.2.13.1-1jpp.1.el5
  • java-1.4.2-ibm-javacomm-0:1.4.2.13.1-1jpp.1.el4
  • java-1.4.2-ibm-javacomm-0:1.4.2.13.1-1jpp.1.el5
  • java-1.4.2-ibm-jdbc-0:1.4.2.13.1-1jpp.1.el3
  • java-1.4.2-ibm-jdbc-0:1.4.2.13.1-1jpp.1.el4
  • java-1.4.2-ibm-jdbc-0:1.4.2.13.1-1jpp.1.el5
  • java-1.4.2-ibm-plugin-0:1.4.2.13.1-1jpp.1.el3
  • java-1.4.2-ibm-plugin-0:1.4.2.13.1-1jpp.1.el4
  • java-1.4.2-ibm-plugin-0:1.4.2.13.1-1jpp.1.el5
  • java-1.4.2-ibm-src-0:1.4.2.13.1-1jpp.1.el3
  • java-1.4.2-ibm-src-0:1.4.2.13.1-1jpp.1.el4
  • java-1.4.2-ibm-src-0:1.4.2.13.1-1jpp.1.el5
  • java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8
  • java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3
  • java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8
  • java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3
  • java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8
  • java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3
  • java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8
  • java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3
  • java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8
  • java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3
refmap via4
bid 32608
cert TA08-340A
confirm
gentoo GLSA-200911-02
hp
  • HPSBMA02429
  • HPSBUX02429
  • SSRT090058
osvdb 50504
sectrack 1021309
secunia
  • 32991
  • 33015
  • 33709
  • 34259
  • 34972
  • 35255
  • 37386
sunalert 246286
suse
  • SUSE-SR:2009:006
  • SUSE-SR:2009:016
  • SUSE-SR:2009:017
vupen
  • ADV-2008-3339
  • ADV-2009-1426
xf sun-jre-rsa-dos(47064)
saint via4
bid 32608
description Java Runtime Environment JAR manifest Main Class buffer overflow
id web_client_jre,web_dev_jdk
osvdb 50499
title jre_manifest_main_class
type client
Last major update 11-10-2018 - 20:54
Published 05-12-2008 - 11:30
Last modified 11-10-2018 - 20:54
Back to Top