CVE-2008-3109
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
88.3%
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or © execute local programs.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sun | jdk | * | cpe:2.3:a:sun:jdk:*:update_6:*:*:*:*:*:* |
| sun | jdk | 6 | cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:* |
| sun | jdk | 6 | cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:* |
| sun | jdk | 6 | cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:* |
| sun | jdk | 6 | cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:* |
| sun | jdk | 6 | cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:* |
| sun | jre | * | cpe:2.3:a:sun:jre:*:update_6:*:*:*:*:*:* |
| sun | jre | 6 | cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:* |
| sun | jre | 6 | cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:* |
| sun | jre | 6 | cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:* |
References
lists.apple.com/archives/security-announce//2008/Sep/msg00007.html
lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
marc.info/?l=bugtraq&m=122331139823057&w=2
secunia.com/advisories/31010
secunia.com/advisories/31600
secunia.com/advisories/32018
secunia.com/advisories/32179
secunia.com/advisories/32180
secunia.com/advisories/32436
secunia.com/advisories/33238
secunia.com/advisories/37386
security.gentoo.org/glsa/glsa-200911-02.xml
sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1
support.apple.com/kb/HT3179
support.avaya.com/elmodocs2/security/ASA-2008-428.htm
support.avaya.com/elmodocs2/security/ASA-2008-509.htm
www.redhat.com/support/errata/RHSA-2008-0594.html
www.redhat.com/support/errata/RHSA-2008-0906.html
www.redhat.com/support/errata/RHSA-2008-1045.html
www.securityfocus.com/archive/1/497041/100/0/threaded
www.securityfocus.com/bid/30144
www.securitytracker.com/id?1020456
www.us-cert.gov/cas/techalerts/TA08-193A.html
www.vmware.com/security/advisories/VMSA-2008-0016.html
www.vupen.com/english/advisories/2008/2056/references
www.vupen.com/english/advisories/2008/2740
exchange.xforce.ibmcloud.com/vulnerabilities/43660
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8540
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
88.3%