Action not permitted
Modal body text goes here.
Modal Title
Modal Body
rhsa-2008_0636
Vulnerability from csaf_redhat
Published
2008-08-13 14:18
Modified
2024-11-14 10:06
Summary
Red Hat Security Advisory: Red Hat Network Satellite Server Sun Java Runtime security update
Notes
Topic
Red Hat Network Satellite Server version 5.1.1 is now available. This
update includes fixes for a number of security issues in the Red Hat
Network Satellite Server Sun Java Runtime Environment.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details
This release corrects several security vulnerabilities in the Sun Java
Runtime Environment shipped as part of Red Hat Network Satellite Server
5.1. In a typical operating environment, these are of low security risk as
the runtime is not used on untrusted applets.
Multiple flaws were fixed in the Sun Java 1.5.0 Runtime Environment.
(CVE-2008-3103, CVE-2008-3104, CVE-2008-3107, CVE-2008-3111, CVE-2008-3112,
CVE-2008-3113, CVE-2008-3114)
Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to
5.1.1, which resolves these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat Network Satellite Server version 5.1.1 is now available. This\nupdate includes fixes for a number of security issues in the Red Hat\nNetwork Satellite Server Sun Java Runtime Environment.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.", "title": "Topic" }, { "category": "general", "text": "This release corrects several security vulnerabilities in the Sun Java\nRuntime Environment shipped as part of Red Hat Network Satellite Server\n5.1. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets.\n\nMultiple flaws were fixed in the Sun Java 1.5.0 Runtime Environment.\n(CVE-2008-3103, CVE-2008-3104, CVE-2008-3107, CVE-2008-3111, CVE-2008-3112,\nCVE-2008-3113, CVE-2008-3114)\n\nUsers of Red Hat Network Satellite Server 5.1 are advised to upgrade to\n5.1.1, which resolves these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2008:0636", "url": "https://access.redhat.com/errata/RHSA-2008:0636" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "452658", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452658" }, { "category": "external", "summary": "452659", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452659" }, { "category": "external", "summary": "454601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454601" }, { "category": "external", "summary": "454605", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454605" }, { "category": "external", "summary": "454606", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454606" }, { "category": "external", "summary": "454607", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454607" }, { "category": "external", "summary": "454608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454608" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0636.json" } ], "title": "Red Hat Security Advisory: Red Hat Network Satellite Server Sun Java Runtime security update", "tracking": { "current_release_date": "2024-11-14T10:06:19+00:00", "generator": { "date": "2024-11-14T10:06:19+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2008:0636", "initial_release_date": "2008-08-13T14:18:00+00:00", "revision_history": [ { "date": "2008-08-13T14:18:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2008-08-13T10:18:21+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T10:06:19+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Satellite 5.1 (RHEL v.4 AS)", "product": { "name": "Red Hat Satellite 5.1 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_satellite:5.1::el4" } } } ], "category": "product_family", "name": "Red Hat Satellite" }, { "branches": [ { "category": "product_version", "name": "java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.x86_64", "product": { "name": "java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.x86_64", "product_id": "java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-sun-devel@1.5.0.16-1jpp.2.el4?arch=x86_64" } } }, { "category": "product_version", "name": "java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.x86_64", "product": { "name": "java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.x86_64", "product_id": "java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-sun@1.5.0.16-1jpp.2.el4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.i586", "product": { "name": "java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.i586", "product_id": "java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-sun-devel@1.5.0.16-1jpp.2.el4?arch=i586" } } }, { "category": "product_version", "name": "java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.i586", "product": { "name": "java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.i586", "product_id": "java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.5.0-sun@1.5.0.16-1jpp.2.el4?arch=i586" } } } ], "category": "architecture", "name": "i586" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.i586 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.i586" }, "product_reference": "java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.i586", "relates_to_product_reference": "4AS-RHNSAT5.1" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.x86_64 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.x86_64" }, "product_reference": "java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.x86_64", "relates_to_product_reference": "4AS-RHNSAT5.1" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.i586 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.i586" }, "product_reference": "java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.i586", "relates_to_product_reference": "4AS-RHNSAT5.1" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.x86_64 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", "product_id": "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.x86_64" }, "product_reference": "java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.x86_64", "relates_to_product_reference": "4AS-RHNSAT5.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-3103", "discovery_date": "2008-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "452659" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to \"perform unauthorized operations\" via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK JMX allows illegal operations with local monitoring (6332953)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.x86_64", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-3103" }, { "category": "external", "summary": "RHBZ#452659", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452659" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3103", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3103" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3103", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3103" } ], "release_date": "2008-07-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:18:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.x86_64", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0636" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK JMX allows illegal operations with local monitoring (6332953)" }, { "cve": "CVE-2008-3104", "discovery_date": "2008-07-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "454601" } ], "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet\u0027s outbound connections by connecting to localhost services running on the machine that loaded the applet.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java RE allows Same Origin Policy to be Bypassed (6687932)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.x86_64", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-3104" }, { "category": "external", "summary": "RHBZ#454601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3104", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3104" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3104", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3104" } ], "release_date": "2008-07-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:18:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.x86_64", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0636" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Java RE allows Same Origin Policy to be Bypassed (6687932)" }, { "cve": "CVE-2008-3107", "discovery_date": "2008-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "452658" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK untrusted applet/application privilege escalation (6661918)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.x86_64", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-3107" }, { "category": "external", "summary": "RHBZ#452658", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452658" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3107", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3107" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3107", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3107" } ], "release_date": "2008-07-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:18:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.x86_64", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0636" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "JDK untrusted applet/application privilege escalation (6661918)" }, { "cve": "CVE-2008-3111", "discovery_date": "2008-07-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "454605" } ], "notes": [ { "category": "description", "text": "Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java Web Start Buffer overflow vulnerabilities (6557220)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.x86_64", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-3111" }, { "category": "external", "summary": "RHBZ#454605", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454605" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3111", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3111" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3111", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3111" } ], "release_date": "2008-07-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:18:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.x86_64", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0636" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Java Web Start Buffer overflow vulnerabilities (6557220)" }, { "cve": "CVE-2008-3112", "discovery_date": "2008-07-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "454606" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java Web Start, arbitrary file creation (6703909)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.x86_64", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-3112" }, { "category": "external", "summary": "RHBZ#454606", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454606" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3112", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3112" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3112", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3112" } ], "release_date": "2008-07-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:18:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.x86_64", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0636" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Java Web Start, arbitrary file creation (6703909)" }, { "cve": "CVE-2008-3113", "discovery_date": "2008-07-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "454607" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java Web Start arbitrary file creation/deletion file with user permissions (6704077)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.x86_64", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-3113" }, { "category": "external", "summary": "RHBZ#454607", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454607" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3113", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3113" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3113", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3113" } ], "release_date": "2008-07-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:18:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.x86_64", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0636" } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Java Web Start arbitrary file creation/deletion file with user permissions (6704077)" }, { "cve": "CVE-2008-3114", "discovery_date": "2008-07-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "454608" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java Web Start, untrusted application may determine Cache Location (6704074)", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.x86_64", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-3114" }, { "category": "external", "summary": "RHBZ#454608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454608" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3114", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3114" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3114", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3114" } ], "release_date": "2008-07-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2008-08-13T14:18:00+00:00", "details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.1.0/html/Installation_Guide/s1-maintenance-update.html", "product_ids": [ "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-0:1.5.0.16-1jpp.2.el4.x86_64", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.i586", "4AS-RHNSAT5.1:java-1.5.0-sun-devel-0:1.5.0.16-1jpp.2.el4.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2008:0636" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Java Web Start, untrusted application may determine Cache Location (6704074)" } ] }
cve-2008-3107
Vulnerability from cvelistv5
Published
2008-07-09 23:00
Modified
2024-08-07 09:28
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:28:41.522Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "238967", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238967-1" }, { "name": "sun-virtualmachine-unauth-access(43659)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43659" }, { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "1020455", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020455" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32179" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "30141", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30141" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "RHSA-2008:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "name": "oval:org.mitre.oval:def:10219", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10219" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "238967", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238967-1" }, { "name": "sun-virtualmachine-unauth-access(43659)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43659" }, { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "1020455", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020455" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32179" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "30141", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30141" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "RHSA-2008:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "name": "oval:org.mitre.oval:def:10219", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10219" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31010" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3107", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "238967", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238967-1" }, { "name": "sun-virtualmachine-unauth-access(43659)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43659" }, { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "1020455", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020455" }, { "name": "31600", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32179" }, { "name": "ADV-2008-2740", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "30141", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30141" }, { "name": "ADV-2008-2056", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "31055", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32180" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "RHSA-2008:0594", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "oval:org.mitre.oval:def:10219", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10219" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "TA08-193A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37386" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "31010", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31010" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3107", "datePublished": "2008-07-09T23:00:00", "dateReserved": "2008-07-09T00:00:00", "dateUpdated": "2024-08-07T09:28:41.522Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3104
Vulnerability from cvelistv5
Published
2008-07-09 23:00
Modified
2024-08-07 09:28
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:28:41.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "sun-jre-unspecified-security-bypass(43662)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43662" }, { "name": "RHSA-2008:1044", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1044.html" }, { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32436" }, { "name": "32826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32826" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31600" }, { "name": "1020459", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020459" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "RHSA-2008:1043", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1043.html" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32179" }, { "name": "238968", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1" }, { "name": "33194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "33237", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33237" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35065" }, { "name": "30140", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30140" }, { "name": "33236", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33236" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "RHSA-2008:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "31269", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31269" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm" }, { "name": "RHSA-2008:1045", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1045.html" }, { "name": "SUSE-SR:2009:010", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "33238", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33238" }, { "name": "SUSE-SR:2008:028", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "oval:org.mitre.oval:def:9565", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9565" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet\u0027s outbound connections by connecting to localhost services running on the machine that loaded the applet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "sun-jre-unspecified-security-bypass(43662)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43662" }, { "name": "RHSA-2008:1044", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1044.html" }, { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32436" }, { "name": "32826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32826" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31600" }, { "name": "1020459", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020459" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "RHSA-2008:1043", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1043.html" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32179" }, { "name": "238968", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1" }, { "name": "33194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "33237", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33237" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35065" }, { "name": "30140", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30140" }, { "name": "33236", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33236" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "RHSA-2008:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "31269", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31269" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm" }, { "name": "RHSA-2008:1045", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1045.html" }, { "name": "SUSE-SR:2009:010", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "33238", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33238" }, { "name": "SUSE-SR:2008:028", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "oval:org.mitre.oval:def:9565", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9565" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31010" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3104", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet\u0027s outbound connections by connecting to localhost services running on the machine that loaded the applet." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "sun-jre-unspecified-security-bypass(43662)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43662" }, { "name": "RHSA-2008:1044", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-1044.html" }, { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32436" }, { "name": "32826", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32826" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm" }, { "name": "31600", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31600" }, { "name": "1020459", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020459" }, { "name": "SUSE-SA:2008:042", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "RHSA-2008:1043", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-1043.html" }, { "name": "GLSA-200911-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32179" }, { "name": "238968", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1" }, { "name": "33194", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "33237", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33237" }, { "name": "ADV-2008-2056", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "31055", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32180" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35065" }, { "name": "30140", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30140" }, { "name": "33236", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33236" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "RHSA-2008:0594", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "31269", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31269" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm" }, { "name": "RHSA-2008:1045", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-1045.html" }, { "name": "SUSE-SR:2009:010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "33238", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33238" }, { "name": "SUSE-SR:2008:028", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37386" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "oval:org.mitre.oval:def:9565", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9565" }, { "name": "31010", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31010" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3104", "datePublished": "2008-07-09T23:00:00", "dateReserved": "2008-07-09T00:00:00", "dateUpdated": "2024-08-07T09:28:41.611Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3103
Vulnerability from cvelistv5
Published
2008-07-09 23:00
Modified
2024-08-07 09:28
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:28:41.545Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1020458", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020458" }, { "name": "RHSA-2008:1044", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1044.html" }, { "name": "32394", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32394" }, { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32436" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm" }, { "name": "sun-jmx-security-bypass(43669)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43669" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32179" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "33237", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33237" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "34972", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34972" }, { "name": "RHSA-2009:0466", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-0466.html" }, { "name": "238965", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "RHSA-2008:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "32437", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32437" }, { "name": "SUSE-SR:2008:022", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm" }, { "name": "RHSA-2008:0891", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0891.html" }, { "name": "RHSA-2008:1045", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1045.html" }, { "name": "30146", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30146" }, { "name": "33238", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33238" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "RHSA-2008:0906", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "oval:org.mitre.oval:def:10920", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10920" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to \"perform unauthorized operations\" via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1020458", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020458" }, { "name": "RHSA-2008:1044", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1044.html" }, { "name": "32394", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32394" }, { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32436" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm" }, { "name": "sun-jmx-security-bypass(43669)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43669" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32179" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "33237", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33237" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "34972", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34972" }, { "name": "RHSA-2009:0466", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-0466.html" }, { "name": "238965", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "RHSA-2008:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "32437", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32437" }, { "name": "SUSE-SR:2008:022", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm" }, { "name": "RHSA-2008:0891", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0891.html" }, { "name": "RHSA-2008:1045", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-1045.html" }, { "name": "30146", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30146" }, { "name": "33238", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33238" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "RHSA-2008:0906", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "oval:org.mitre.oval:def:10920", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10920" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31010" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3103", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to \"perform unauthorized operations\" via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1020458", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020458" }, { "name": "RHSA-2008:1044", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-1044.html" }, { "name": "32394", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32394" }, { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32436" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm" }, { "name": "sun-jmx-security-bypass(43669)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43669" }, { "name": "31600", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32179" }, { "name": "ADV-2008-2740", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "33237", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33237" }, { "name": "ADV-2008-2056", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "31055", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32180" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "34972", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34972" }, { "name": "RHSA-2009:0466", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2009-0466.html" }, { "name": "238965", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "RHSA-2008:0594", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "32437", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32437" }, { "name": "SUSE-SR:2008:022", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm" }, { "name": "RHSA-2008:0891", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0891.html" }, { "name": "RHSA-2008:1045", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-1045.html" }, { "name": "30146", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30146" }, { "name": "33238", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33238" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "RHSA-2008:0906", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37386" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "oval:org.mitre.oval:def:10920", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10920" }, { "name": "RHSA-2008:0595", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "31010", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31010" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3103", "datePublished": "2008-07-09T23:00:00", "dateReserved": "2008-07-09T00:00:00", "dateUpdated": "2024-08-07T09:28:41.545Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3111
Vulnerability from cvelistv5
Published
2008-07-09 23:00
Modified
2024-08-07 09:28
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:28:40.707Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32179" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "sun-javawebstart-unspecified-bo(43664)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43664" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31736" }, { "name": "oval:org.mitre.oval:def:10541", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30148" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-043/" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "20080717 ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/494505/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32179" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "sun-javawebstart-unspecified-bo(43664)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43664" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31736" }, { "name": "oval:org.mitre.oval:def:10541", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30148" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-043/" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "20080717 ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/494505/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31010" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3111", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "31600", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32179" }, { "name": "ADV-2008-2740", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "sun-javawebstart-unspecified-bo(43664)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43664" }, { "name": "ADV-2008-2056", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32180" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31736" }, { "name": "oval:org.mitre.oval:def:10541", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30148" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-043/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-043/" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "20080717 ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/494505/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "TA08-193A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37386" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "31010", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31010" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3111", "datePublished": "2008-07-09T23:00:00", "dateReserved": "2008-07-09T00:00:00", "dateUpdated": "2024-08-07T09:28:40.707Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3113
Vulnerability from cvelistv5
Published
2008-07-09 23:00
Modified
2024-08-07 09:28
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:28:41.576Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32826" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "sun-javawebstart-file-manipulation(43667)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43667" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32179" }, { "name": "33194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35065" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30148" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "name": "SUSE-SR:2009:010", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "SUSE-SR:2008:028", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "oval:org.mitre.oval:def:10454", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10454" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32826" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "sun-javawebstart-file-manipulation(43667)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43667" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32179" }, { "name": "33194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35065" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30148" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "name": "SUSE-SR:2009:010", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "SUSE-SR:2008:028", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "oval:org.mitre.oval:def:10454", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10454" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31010" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3113", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32826", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32826" }, { "name": "31600", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "sun-javawebstart-file-manipulation(43667)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43667" }, { "name": "GLSA-200911-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32179" }, { "name": "33194", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "ADV-2008-2056", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32180" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35065" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30148" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "SUSE-SR:2009:010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "SUSE-SR:2008:028", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "TA08-193A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37386" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "oval:org.mitre.oval:def:10454", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10454" }, { "name": "31010", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31010" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3113", "datePublished": "2008-07-09T23:00:00", "dateReserved": "2008-07-09T00:00:00", "dateUpdated": "2024-08-07T09:28:41.576Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3114
Vulnerability from cvelistv5
Published
2008-07-09 23:00
Modified
2024-08-07 09:28
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:28:41.695Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32436" }, { "name": "32826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32826" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32179" }, { "name": "33194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35065" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30148" }, { "name": "RHSA-2008:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "name": "SUSE-SR:2009:010", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "SUSE-SR:2008:028", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "sun-javawebstart-cache-info-disclosure(43668)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43668" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "oval:org.mitre.oval:def:9755", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9755" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32436" }, { "name": "32826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32826" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32179" }, { "name": "33194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35065" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30148" }, { "name": "RHSA-2008:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "name": "SUSE-SR:2009:010", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "SUSE-SR:2008:028", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "sun-javawebstart-cache-info-disclosure(43668)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43668" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "oval:org.mitre.oval:def:9755", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9755" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31010" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3114", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32436" }, { "name": "32826", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32826" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "name": "31600", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32179" }, { "name": "33194", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "ADV-2008-2056", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32180" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35065" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30148" }, { "name": "RHSA-2008:0594", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "SUSE-SR:2009:010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "SUSE-SR:2008:028", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "sun-javawebstart-cache-info-disclosure(43668)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43668" }, { "name": "SUSE-SA:2008:045", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37386" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "oval:org.mitre.oval:def:9755", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9755" }, { "name": "31010", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31010" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3114", "datePublished": "2008-07-09T23:00:00", "dateReserved": "2008-07-09T00:00:00", "dateUpdated": "2024-08-07T09:28:41.695Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3112
Vulnerability from cvelistv5
Published
2008-07-09 23:00
Modified
2024-08-07 09:28
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:28:41.118Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32436" }, { "name": "32826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32826" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32179" }, { "name": "33194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-042/" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35065" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30148" }, { "name": "RHSA-2008:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "sun-javawebstart-file-create(43666)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43666" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31497" }, { "name": "SUSE-SR:2009:010", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "oval:org.mitre.oval:def:11102", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11102" }, { "name": "SUSE-SR:2008:028", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "APPLE-SA-2008-09-24", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32436" }, { "name": "32826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32826" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "name": "31600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32179" }, { "name": "33194", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-042/" }, { "name": "ADV-2008-2056", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32180" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35065" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30148" }, { "name": "RHSA-2008:0594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "sun-javawebstart-file-create(43666)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43666" }, { "name": "31497", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31497" }, { "name": "SUSE-SR:2009:010", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "oval:org.mitre.oval:def:11102", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11102" }, { "name": "SUSE-SR:2008:028", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37386" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "31010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31010" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3112", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2008-09-24", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=122331139823057\u0026w=2" }, { "name": "32436", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32436" }, { "name": "32826", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32826" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm" }, { "name": "31600", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31600" }, { "name": "SUSE-SA:2008:042", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" }, { "name": "32018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32018" }, { "name": "GLSA-200911-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "32179", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32179" }, { "name": "33194", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33194" }, { "name": "ADV-2008-2740", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2740" }, { "name": "31320", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31320" }, { "name": "SUSE-SA:2008:043", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-042/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-042/" }, { "name": "ADV-2008-2056", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2056/references" }, { "name": "238905", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1" }, { "name": "31055", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31055" }, { "name": "32180", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32180" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" }, { "name": "31736", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31736" }, { "name": "35065", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35065" }, { "name": "http://support.apple.com/kb/HT3178", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3178" }, { "name": "1020452", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020452" }, { "name": "30148", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30148" }, { "name": "RHSA-2008:0594", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html" }, { "name": "sun-javawebstart-file-create(43666)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43666" }, { "name": "31497", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31497" }, { "name": "SUSE-SR:2009:010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" }, { "name": "RHSA-2008:0955", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html" }, { "name": "oval:org.mitre.oval:def:11102", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11102" }, { "name": "SUSE-SR:2008:028", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html" }, { "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" }, { "name": "SUSE-SA:2008:045", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html" }, { "name": "RHSA-2008:0790", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html" }, { "name": "RHSA-2008:0906", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html" }, { "name": "TA08-193A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" }, { "name": "37386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37386" }, { "name": "http://support.apple.com/kb/HT3179", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3179" }, { "name": "RHSA-2008:0595", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html" }, { "name": "31010", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31010" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3112", "datePublished": "2008-07-09T23:00:00", "dateReserved": "2008-07-09T00:00:00", "dateUpdated": "2024-08-07T09:28:41.118Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.