Lucene search

[email protected]CVE-2008-1188

HistoryMar 06, 2008 - 9:44 p.m.

CVE-2008-1188

2008-03-0621:44:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-1188

buffer overflow

java web start

sun jdk

jre

remote code execution

security vulnerability

nvd

7.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.546 Medium

EPSS

Percentile

97.6%

JSON

Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka “The first two issues.”

CPENameOperatorVersion
sun:jdksun jdkeq1.6.0
sun:jdksun jdkeq1.5.0
sun:jresun jreeq1.6.0
sun:jresun jreeq1.5.0

CPE	Name	Operator	Version
sun:jdk	sun jdk	eq	1.6.0
sun:jdk	sun jdk	eq	1.5.0
sun:jre	sun jre	eq	1.6.0
sun:jre	sun jre	eq	1.5.0

References

lists.apple.com/archives/security-announce//2008/Sep/msg00008.html

lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html

lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html

secunia.com/advisories/29239

secunia.com/advisories/29273

secunia.com/advisories/29498

secunia.com/advisories/29582

secunia.com/advisories/29858

secunia.com/advisories/29897

secunia.com/advisories/30676

secunia.com/advisories/30780

secunia.com/advisories/31497

secunia.com/advisories/32018

security.gentoo.org/glsa/glsa-200804-28.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-233323-1

support.apple.com/kb/HT3178

support.apple.com/kb/HT3179

www.gentoo.org/security/en/glsa/glsa-200804-20.xml

www.gentoo.org/security/en/glsa/glsa-200806-11.xml

www.redhat.com/support/errata/RHSA-2008-0186.html

www.redhat.com/support/errata/RHSA-2008-0210.html

www.redhat.com/support/errata/RHSA-2008-0267.html

www.securitytracker.com/id?1019549

www.us-cert.gov/cas/techalerts/TA08-066A.html

www.vmware.com/security/advisories/VMSA-2008-0010.html

www.vupen.com/english/advisories/2008/0770/references

www.vupen.com/english/advisories/2008/1856/references

www.zerodayinitiative.com/advisories/ZDI-08-009/

www.zerodayinitiative.com/advisories/ZDI-08-010/

exchange.xforce.ibmcloud.com/vulnerabilities/41029

exchange.xforce.ibmcloud.com/vulnerabilities/41133

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11209

7.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.546 Medium

EPSS

Percentile

97.6%

JSON

Related for CVE-2008-1188

prion2 ubuntucve2 cve1 checkpoint_advisories1 securityvulns3 zdi2 redhat5 nessus17 openvas22 suse2 f52 vmware2 gentoo1