Lucene search

K

[email protected]CVE-2008-3111

HistoryJul 09, 2008 - 11:41 p.m.

CVE-2008-3111

2008-07-0923:41:00

CWE-119

CWE-20

[email protected]

web.nvd.nist.gov

55

sun java

web start

jdk

jre

buffer overflow

security vulnerability

6.9 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.654 Medium

EPSS

Percentile

97.9%

Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.

CPENameOperatorVersion
sun:jdksun jdkeq5.0
sun:jresun jreeq1.4.2_16
sun:sdksun sdkeq1.4.2
sun:jresun jreeq5.0
sun:jresun jreeq1.4.2_01
sun:sdksun sdkeq1.4.2_10
sun:sdksun sdkeq1.4.2_12
sun:jresun jreeq6
sun:sdksun sdkeq1.4.2_17
sun:jresun jreeq1.4.2_03

Rows per page:

1-10 of 411

References

lists.apple.com/archives/security-announce//2008/Sep/msg00008.html

lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html

lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html

lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html

marc.info/?l=bugtraq&m=122331139823057&w=2

secunia.com/advisories/31010

secunia.com/advisories/31055

secunia.com/advisories/31320

secunia.com/advisories/31497

secunia.com/advisories/31600

secunia.com/advisories/31736

secunia.com/advisories/32018

secunia.com/advisories/32179

secunia.com/advisories/32180

secunia.com/advisories/37386

security.gentoo.org/glsa/glsa-200911-02.xml

sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1

support.apple.com/kb/HT3178

support.apple.com/kb/HT3179

www.redhat.com/support/errata/RHSA-2008-0595.html

www.redhat.com/support/errata/RHSA-2008-0790.html

www.securityfocus.com/archive/1/494505/100/0/threaded

www.securityfocus.com/archive/1/497041/100/0/threaded

www.securityfocus.com/bid/30148

www.securitytracker.com/id?1020452

www.us-cert.gov/cas/techalerts/TA08-193A.html

www.vmware.com/security/advisories/VMSA-2008-0016.html

www.vupen.com/english/advisories/2008/2056/references

www.vupen.com/english/advisories/2008/2740

www.zerodayinitiative.com/advisories/ZDI-08-043/

exchange.xforce.ibmcloud.com/vulnerabilities/43664

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541

6.9 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.654 Medium

EPSS

Percentile

97.9%

Related for CVE-2008-3111

checkpoint_advisories2 prion1 ubuntucve1 saint4 zdi1 suse3 nessus24 openvas14 redhat4 vmware2 securityvulns1 gentoo1