Lucene search

[email protected]CVE-2008-1187

HistoryMar 06, 2008 - 9:44 p.m.

CVE-2008-1187

2008-03-0621:44:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-1187

sun java

jre

jdk

denial of service

remote attack

arbitrary code execution

xslt transform

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

High

0.133 Low

EPSS

Percentile

95.6%

JSON

Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.

Affected configurations

NVD

Node

sunjdkRange≤5.0update_14

sunjdkRange≤6update_4

sunjdkMatch5.0update_1

sunjdkMatch5.0update_10

sunjdkMatch5.0update_11

sunjdkMatch5.0update_12

sunjdkMatch5.0update_13

sunjdkMatch5.0update_2

sunjdkMatch5.0update_3

sunjdkMatch5.0update_4

sunjdkMatch5.0update_5

sunjdkMatch5.0update_6

sunjdkMatch5.0update_7

sunjdkMatch5.0update_8

sunjdkMatch5.0update_9

sunjdkMatch6

sunjdkMatch6update_1

sunjdkMatch6update_2

sunjdkMatch6update_3

sunjreRange≤1.4.2_14

sunjreRange≤5.0update_14

sunjreRange≤6update_4

sunjreMatch1.4.2_01

sunjreMatch1.4.2_1

sunjreMatch1.4.2_02

sunjreMatch1.4.2_03

sunjreMatch1.4.2_04

sunjreMatch1.4.2_05

sunjreMatch1.4.2_06

sunjreMatch1.4.2_07

sunjreMatch1.4.2_10

sunjreMatch1.4.2_11

sunjreMatch1.4.2_12

sunjreMatch1.4.2_13

sunjreMatch5.0

sunjreMatch5.0update_1

sunjreMatch5.0update_10

sunjreMatch5.0update_11

sunjreMatch5.0update_12

sunjreMatch5.0update_13

sunjreMatch5.0update_2

sunjreMatch5.0update_3

sunjreMatch5.0update_4

sunjreMatch5.0update_5

sunjreMatch5.0update_6

sunjreMatch5.0update_7

sunjreMatch5.0update_8

sunjreMatch5.0update_9

sunjreMatch6

sunjreMatch6update_1

sunjreMatch6update_2

sunjreMatch6update_3

sunsdkRange≤1.4.2_16

sunsdkMatch1.4.2

sunsdkMatch1.4.2_01

sunsdkMatch1.4.2_1

sunsdkMatch1.4.2_02

sunsdkMatch1.4.2_03

sunsdkMatch1.4.2_04

sunsdkMatch1.4.2_05

sunsdkMatch1.4.2_06

sunsdkMatch1.4.2_07

sunsdkMatch1.4.2_08

sunsdkMatch1.4.2_09

sunsdkMatch1.4.2_10

sunsdkMatch1.4.2_11

sunsdkMatch1.4.2_12

sunsdkMatch1.4.2_13

sunsdkMatch1.4.2_14

sunsdkMatch1.4.2_15

CPENameOperatorVersion
sun:jdksun jdkle5.0
sun:jdksun jdkle6
sun:jresun jrele1.4.2_14
sun:jresun jrele5.0
sun:jresun jrele6
sun:jresun jreeq1.4.2_01
sun:jresun jreeq1.4.2_1
sun:jresun jreeq1.4.2_02
sun:jresun jreeq1.4.2_03
sun:jresun jreeq1.4.2_04

CPE	Name	Operator	Version
sun:jdk	sun jdk	le	5.0
sun:jdk	sun jdk	le	6
sun:jre	sun jre	le	1.4.2_14
sun:jre	sun jre	le	5.0
sun:jre	sun jre	le	6
sun:jre	sun jre	eq	1.4.2_01
sun:jre	sun jre	eq	1.4.2_1
sun:jre	sun jre	eq	1.4.2_02
sun:jre	sun jre	eq	1.4.2_03
sun:jre	sun jre	eq	1.4.2_04

Rows per page:

1-10 of 351

References

dev2dev.bea.com/pub/advisory/277

download.novell.com/Download?buildid=q5exhSqeBjA~

jvn.jp/en/jp/JVN04032535/index.html

jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000016.html

lists.apple.com/archives/security-announce//2008/Sep/msg00008.html

lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html

lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html

secunia.com/advisories/29239

secunia.com/advisories/29273

secunia.com/advisories/29498

secunia.com/advisories/29582

secunia.com/advisories/29841

secunia.com/advisories/29858

secunia.com/advisories/29897

secunia.com/advisories/29999

secunia.com/advisories/30003

secunia.com/advisories/30676

secunia.com/advisories/30780

secunia.com/advisories/31067

secunia.com/advisories/31497

secunia.com/advisories/31580

secunia.com/advisories/31586

secunia.com/advisories/32018

security.gentoo.org/glsa/glsa-200804-28.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-233322-1

support.apple.com/kb/HT3178

support.apple.com/kb/HT3179

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html

www.gentoo.org/security/en/glsa/glsa-200804-20.xml

www.gentoo.org/security/en/glsa/glsa-200806-11.xml

www.redhat.com/support/errata/RHSA-2008-0186.html

www.redhat.com/support/errata/RHSA-2008-0210.html

www.redhat.com/support/errata/RHSA-2008-0243.html

www.redhat.com/support/errata/RHSA-2008-0244.html

www.redhat.com/support/errata/RHSA-2008-0245.html

www.redhat.com/support/errata/RHSA-2008-0267.html

www.redhat.com/support/errata/RHSA-2008-0555.html

www.securitytracker.com/id?1019548

www.us-cert.gov/cas/techalerts/TA08-066A.html

www.vmware.com/security/advisories/VMSA-2008-0010.html

www.vupen.com/english/advisories/2008/0770/references

www.vupen.com/english/advisories/2008/1252

www.vupen.com/english/advisories/2008/1856/references

exchange.xforce.ibmcloud.com/vulnerabilities/41025

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10278

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

High

0.133 Low

EPSS

Percentile

95.6%

JSON

Related for CVE-2008-1187

nvd1 ubuntucve1 prion1 nessus22 redhat8 cvelist1 openvas26 suse2 f52 vmware2 gentoo1