Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2008-5353
HistoryDec 05, 2008 - 11:30 a.m.

CVE-2008-5353

2008-12-0511:30:00
NVD-CWE-Other
[email protected]
web.nvd.nist.gov
67
cve-2008-5353
java
jre
sun jdk
security vulnerability
deserialization
remote attackers
privileged context

7.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by “deserializing Calendar objects”.

References

Related

canvas 2
packetstorm 2
seebug 7
threatpost 3
exploitpack 2
symantec 1
prion 1
metasploit 1
ubuntucve 1
exploitdb 4
checkpoint_advisories 1
openvas 41
ubuntu 1
nessus 32
securityvulns 2
redhat 6
fedora 2
suse 3
vmware 2
oracle 1
gentoo 1
canvas
canvas
Immunity Canvas: JAVA_DESERIALIZE
2008-12-05 06:30:00
Immunity Canvas: JAVA_DESERIALIZE_WIN32
2008-12-05 11:30:00
packetstorm
packetstorm
Sun Java Calendar Deserialization
2009-10-27 00:00:00
Signed Applet Social Engineering Code Exec
2010-02-05 00:00:00
seebug
seebug
Mac OS X - Java applet Remote Deserialization Remote PoC (updated)
2014-07-01 00:00:00
Sun Java Runtime and Development Kit <= 6 update 10 Calendar Deserialization Exploit
2008-12-03 00:00:00
Sun Java Runtime and Development Kit <= 6 Update 10 - Calendar Deserialization Exploit
2014-07-01 00:00:00
threatpost
threatpost
Serious Mac OS X Java vulnerability disclosed
2009-05-20 17:37:46
Chorus Grows Louder to Disable Java 7 After Exploit Hits Mainstream
2012-08-30 02:03:14
Java Still a Favorite Target of Attackers
2011-11-30 19:39:18
exploitpack
exploitpack
Apple Mac OSX - Java applet Remote Deserialization Remote (2)
2009-05-20 00:00:00
Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization (Metasploit)
2008-12-03 00:00:00
symantec
symantec
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
2008-12-03 00:00:00
prion
prion
Deserialization of untrusted data
2008-12-05 11:30:00
metasploit
metasploit
Sun Java Calendar Deserialization Privilege Escalation
2009-12-15 20:37:15
ubuntucve
ubuntucve
CVE-2008-5353
2008-12-05 00:00:00
exploitdb
exploitdb
Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization (Metasploit)
2008-12-03 00:00:00
Apple Mac OSX - Java applet Remote Deserialization Remote (2)
2009-05-20 00:00:00
Signed Applet Social Engineering - Code Execution (Metasploit)
2011-01-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Java Signed Applet (CVE-2008-5353; CVE-2010-0094; CVE-2010-0840)
2011-11-01 00:00:00
openvas
openvas
Ubuntu USN-713-1 (openjdk-6)
2009-02-02 00:00:00
Ubuntu: Security Advisory (USN-713-1)
2009-02-02 00:00:00
RedHat Security Advisory RHSA-2009:0015
2009-01-20 00:00:00
ubuntu
ubuntu
openjdk-6 vulnerabilities
2009-01-27 00:00:00
nessus
nessus
Ubuntu 8.10 : OpenJDK vulnerabilities (USN-713-1)
2009-04-23 00:00:00
RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:0015)
2009-08-24 00:00:00
Fedora 9 : java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9 (2008-10860)
2008-12-08 00:00:00
securityvulns
securityvulns
[USN-713-1] openjdk-6 vulnerabilities
2009-01-31 00:00:00
Sun Java JRE / JDK / Web Start multiple security vulnerabilities
2009-04-23 00:00:00
redhat
redhat
(RHSA-2009:0015) Critical: java-1.6.0-ibm security update
2009-01-13 00:00:00
(RHSA-2009:0445) Critical: java-1.4.2-ibm security update
2009-04-23 00:00:00
(RHSA-2009:0466) Low: java-1.5.0-ibm security update
2009-05-07 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9
2008-12-07 04:27:51
[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-7.b12.fc10
2008-12-07 04:33:22
suse
suse
remote code execution in IBM Java 1.4.2 and 6
2009-04-07 14:51:07
local privilege escalation in IBMJava5-JRE,java-1_5_0-ibm
2009-01-29 14:08:00
remote code execution in Sun Java
2009-01-09 15:49:38
vmware
vmware
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00
oracle
oracle
cpuapr2009.html
2009-04-14 00:00:00
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2009-11-17 00:00:00

7.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON
Related for CVE-2008-5353
canvas2packetstorm2seebug7threatpost3exploitpack2symantec1prion1metasploit1ubuntucve1exploitdb4checkpoint_advisories1openvas41ubuntu1nessus32securityvulns2redhat6fedora2suse3vmware2oracle1gentoo1