Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2008-3111
HistoryJul 09, 2008 - 11:41 p.m.

CVE-2008-3111

2008-07-0923:41:00
CWE-20
CWE-119
[email protected]
web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.8 High

AI Score

Confidence

High

0.656 Medium

EPSS

Percentile

97.9%

JSON

Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.

Affected configurations

NVD
Node
sunjdkMatch5.0update_1
OR
sunjdkMatch5.0update_10
OR
sunjdkMatch5.0update_11
OR
sunjdkMatch5.0update_12
OR
sunjdkMatch5.0update_13
OR
sunjdkMatch5.0update_14
OR
sunjdkMatch5.0update_15
OR
sunjdkMatch5.0update_2
OR
sunjdkMatch5.0update_3
OR
sunjdkMatch5.0update_4
OR
sunjdkMatch5.0update_5
OR
sunjdkMatch5.0update_6
OR
sunjdkMatch5.0update_7
OR
sunjdkMatch5.0update_8
OR
sunjdkMatch5.0update_9
OR
sunjdkMatch6update_1
OR
sunjdkMatch6update_2
OR
sunjdkMatch6update_3
OR
sunjreMatch1.4
OR
sunjreMatch1.4.2_01
OR
sunjreMatch1.4.2_02
OR
sunjreMatch1.4.2_03
OR
sunjreMatch1.4.2_04
OR
sunjreMatch1.4.2_05
OR
sunjreMatch1.4.2_06
OR
sunjreMatch1.4.2_07
OR
sunjreMatch1.4.2_8
OR
sunjreMatch1.4.2_9
OR
sunjreMatch1.4.2_10
OR
sunjreMatch1.4.2_11
OR
sunjreMatch1.4.2_12
OR
sunjreMatch1.4.2_13
OR
sunjreMatch1.4.2_14
OR
sunjreMatch1.4.2_15
OR
sunjreMatch1.4.2_16
OR
sunjreMatch1.4.2_17
OR
sunjreMatch5.0update_1
OR
sunjreMatch5.0update_10
OR
sunjreMatch5.0update_11
OR
sunjreMatch5.0update_12
OR
sunjreMatch5.0update_13
OR
sunjreMatch5.0update_14
OR
sunjreMatch5.0update_15
OR
sunjreMatch5.0update_2
OR
sunjreMatch5.0update_3
OR
sunjreMatch5.0update_4
OR
sunjreMatch5.0update_5
OR
sunjreMatch5.0update_6
OR
sunjreMatch5.0update_7
OR
sunjreMatch5.0update_8
OR
sunjreMatch5.0update_9
OR
sunjreMatch6update_1
OR
sunjreMatch6update_2
OR
sunjreMatch6update_3
OR
sunsdkMatch1.4
OR
sunsdkMatch1.4.2
OR
sunsdkMatch1.4.2_01
OR
sunsdkMatch1.4.2_02
OR
sunsdkMatch1.4.2_03
OR
sunsdkMatch1.4.2_04
OR
sunsdkMatch1.4.2_05
OR
sunsdkMatch1.4.2_06
OR
sunsdkMatch1.4.2_07
OR
sunsdkMatch1.4.2_08
OR
sunsdkMatch1.4.2_09
OR
sunsdkMatch1.4.2_10
OR
sunsdkMatch1.4.2_11
OR
sunsdkMatch1.4.2_12
OR
sunsdkMatch1.4.2_13
OR
sunsdkMatch1.4.2_14
OR
sunsdkMatch1.4.2_15
OR
sunsdkMatch1.4.2_16
OR
sunsdkMatch1.4.2_17

References

Related

checkpoint_advisories 2
prion 1
cve 1
saint 4
zdi 1
ubuntucve 1
cvelist 1
nessus 24
suse 3
redhat 4
openvas 14
vmware 2
securityvulns 1
gentoo 1
checkpoint_advisories
checkpoint_advisories
Sun Java Web Start JNLP java-vm-args Heap Buffer Overflow (CVE-2008-3111)
2010-03-03 00:00:00
Sun Java Web Start JNLP vm args Stack Overflow (CVE-2008-3111)
2009-12-24 00:00:00
prion
prion
Stack overflow
2008-07-09 23:41:00
cve
cve
CVE-2008-3111
2008-07-09 23:41:00
saint
saint
Sun Java Web Start JNLP file j2se element heap-size buffer overflow
2008-07-23 00:00:00
Sun Java Web Start JNLP file j2se element heap-size buffer overflow
2008-07-23 00:00:00
Sun Java Web Start JNLP file j2se element heap-size buffer overflow
2008-07-23 00:00:00
zdi
zdi
Sun Java Web Start vm args Stack-Based Buffer Overflow Vulnerability
2008-07-17 00:00:00
ubuntucve
ubuntucve
CVE-2008-3111
2008-07-09 00:00:00
cvelist
cvelist
CVE-2008-3111
2008-07-09 23:00:00
nessus
nessus
RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2008:0790)
2009-08-24 00:00:00
RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:0595)
2009-08-24 00:00:00
SuSE 10 Security Update : IBM Java 1.5 (ZYPP Patch Number 5591)
2008-09-14 00:00:00
suse
suse
remote code execution in IBMJava5-JRE,java-1_5_0-ibm
2008-09-04 13:19:33
remote code execution in java-1_5_0-ibm,IBMJava5
2008-09-17 13:28:28
remote code execution in Sun Java security update
2008-08-25 12:44:04
redhat
redhat
(RHSA-2008:0595) Critical: java-1.5.0-sun security update
2008-07-14 00:00:00
(RHSA-2008:0790) Critical: java-1.5.0-ibm security update
2008-07-31 00:00:00
(RHSA-2008:0636) Low: Red Hat Network Satellite Server Sun Java Runtime security update
2008-08-13 00:00:00
openvas
openvas
SLES9: Security update for IBM Java5 JRE and IBMJava5 SDK
2009-10-10 00:00:00
SLES9: Security update for Java2
2009-10-10 00:00:00
SLES9: Security update for Java2
2009-10-10 00:00:00
vmware
vmware
VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
2008-10-03 00:00:00
VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
2008-10-03 00:00:00
securityvulns
securityvulns
VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues
2008-10-06 00:00:00
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2009-11-17 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.8 High

AI Score

Confidence

High

0.656 Medium

EPSS

Percentile

97.9%

JSON
Related for NVD:CVE-2008-3111
checkpoint_advisories2prion1cve1saint4zdi1ubuntucve1cvelist1nessus24suse3redhat4openvas14vmware2securityvulns1gentoo1