CVE-2008-3105

2008-07-0923:41:00

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

8.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:P/A:C

AI Score

8.6

Confidence

High

EPSS

0.057

Percentile

93.4%

JSON

Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving “processing of XML data” by a trusted application.

Affected configurations

Nvd

Node

sunjdkRange≤6update_6

sunjdkMatch6update_1

sunjdkMatch6update_2

sunjdkMatch6update_3

sunjdkMatch6update_4

sunjdkMatch6update_5

sunjreRange≤6update_6

sunjreMatch6update_1

sunjreMatch6update_2

sunjreMatch6update_3

sunjreMatch6update_4

sunjreMatch6update_5

VendorProductVersionCPE
sunjdk*cpe:2.3:a:sun:jdk:*:update_6:*:*:*:*:*:*
sunjdk6cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*
sunjdk6cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*
sunjdk6cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*
sunjdk6cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*
sunjdk6cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*
sunjre*cpe:2.3:a:sun:jre:*:update_6:*:*:*:*:*:*
sunjre6cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*
sunjre6cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*
sunjre6cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun	jdk	*	cpe:2.3:a:sun:jdk::update_6::::::*
sun	jdk	6	cpe:2.3:a:sun:jdk:6:update_1::::::
sun	jdk	6	cpe:2.3:a:sun:jdk:6:update_2::::::
sun	jdk	6	cpe:2.3:a:sun:jdk:6:update_3::::::
sun	jdk	6	cpe:2.3:a:sun:jdk:6:update_4::::::
sun	jdk	6	cpe:2.3:a:sun:jdk:6:update_5::::::
sun	jre	*	cpe:2.3:a:sun:jre::update_6::::::*
sun	jre	6	cpe:2.3:a:sun:jre:6:update_1::::::
sun	jre	6	cpe:2.3:a:sun:jre:6:update_2::::::
sun	jre	6	cpe:2.3:a:sun:jre:6:update_3::::::