Lucene search

K

[email protected]CVE-2008-2086

HistoryDec 05, 2008 - 2:30 a.m.

CVE-2008-2086

2008-12-0502:30:00

CWE-94

[email protected]

web.nvd.nist.gov

57

cve-2008-2086

sun java

java web start

java plug-in

jdk

jre

remote code execution

file inclusion

nvd

7.7 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.483 Medium

EPSS

Percentile

97.4%

Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka “Java Web Start File Inclusion” and CR 6694892.

CPENameOperatorVersion
sun:jdksun jdkeq5.0
sun:jresun jreeq6
sun:jresun jreeq1.4.2_7
sun:jresun jreeq1.4.2_16
sun:jresun jreeq5.0
sun:jresun jreeq1.4.2_4
sun:sdksun sdkeq1.4.2_10
sun:sdksun sdkeq1.4.2_12
sun:jresun jreeq1.4.2_2
sun:jdksun jdkeq6

Rows per page:

1-10 of 401

References

lists.apple.com/archives/security-announce/2009/Feb/msg00003.html

lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html

lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html

lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

marc.info/?l=bugtraq&m=123678756409861&w=2

marc.info/?l=bugtraq&m=126583436323697&w=2

osvdb.org/50510

rhn.redhat.com/errata/RHSA-2008-1025.html

secunia.com/advisories/32991

secunia.com/advisories/33015

secunia.com/advisories/33528

secunia.com/advisories/33710

secunia.com/advisories/34233

secunia.com/advisories/34605

secunia.com/advisories/34889

secunia.com/advisories/35065

secunia.com/advisories/37386

secunia.com/advisories/38539

security.gentoo.org/glsa/glsa-200911-02.xml

securityreason.com/securityalert/4693

sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1

support.avaya.com/elmodocs2/security/ASA-2008-486.htm

support.avaya.com/elmodocs2/security/ASA-2009-012.htm

support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

www.redhat.com/support/errata/RHSA-2008-1018.html

www.redhat.com/support/errata/RHSA-2009-0015.html

www.redhat.com/support/errata/RHSA-2009-0016.html

www.redhat.com/support/errata/RHSA-2009-0445.html

www.securityfocus.com/archive/1/498907/100/0/threaded

www.securityfocus.com/bid/32620

www.securitytracker.com/id?1021318

www.us-cert.gov/cas/techalerts/TA08-340A.html

www.vsecurity.com/bulletins/advisories/2008/JWS-props.txt

www.vupen.com/english/advisories/2009/0424

www.vupen.com/english/advisories/2009/0672

www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5601

7.7 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.483 Medium

EPSS

Percentile

97.4%

Related for CVE-2008-2086

prion1 checkpoint_advisories2 securityvulns2 nessus31 ubuntucve1 openvas32 redhat6 suse3 seebug1 vmware2 gentoo1