Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2008-5353
HistoryDec 05, 2008 - 11:30 a.m.

CVE-2008-5353

2008-12-0511:30:00
[email protected]
web.nvd.nist.gov
1

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

High

0.971 High

EPSS

Percentile

99.8%

JSON

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by “deserializing Calendar objects”.

Affected configurations

NVD
Node
sunjdkRange5.0update_16
OR
sunjdkRange6update_10
OR
sunjdkMatch5.0update_1
OR
sunjdkMatch5.0update_10
OR
sunjdkMatch5.0update_11
OR
sunjdkMatch5.0update_12
OR
sunjdkMatch5.0update_13
OR
sunjdkMatch5.0update_14
OR
sunjdkMatch5.0update_15
OR
sunjdkMatch5.0update_2
OR
sunjdkMatch5.0update_3
OR
sunjdkMatch5.0update_4
OR
sunjdkMatch5.0update_5
OR
sunjdkMatch5.0update_6
OR
sunjdkMatch5.0update_7
OR
sunjdkMatch5.0update_8
OR
sunjdkMatch5.0update_9
OR
sunjdkMatch6
OR
sunjdkMatch6update_1
OR
sunjdkMatch6update_2
OR
sunjdkMatch6update_3
OR
sunjdkMatch6update_4
OR
sunjdkMatch6update_5
OR
sunjdkMatch6update_6
OR
sunjdkMatch6update_7
OR
sunjdkMatch6update_8
OR
sunjdkMatch6update_9
OR
sunjreRange1.4.2_18
OR
sunjreRange5.0update_16
OR
sunjreRange6update_10
OR
sunjreMatch1.4.2_1
OR
sunjreMatch1.4.2_2
OR
sunjreMatch1.4.2_3
OR
sunjreMatch1.4.2_4
OR
sunjreMatch1.4.2_5
OR
sunjreMatch1.4.2_6
OR
sunjreMatch1.4.2_7
OR
sunjreMatch1.4.2_8
OR
sunjreMatch1.4.2_9
OR
sunjreMatch1.4.2_10
OR
sunjreMatch1.4.2_11
OR
sunjreMatch1.4.2_12
OR
sunjreMatch1.4.2_13
OR
sunjreMatch1.4.2_14
OR
sunjreMatch1.4.2_15
OR
sunjreMatch1.4.2_16
OR
sunjreMatch1.4.2_17
OR
sunjreMatch5.0
OR
sunjreMatch5.0update_1
OR
sunjreMatch5.0update_10
OR
sunjreMatch5.0update_11
OR
sunjreMatch5.0update_12
OR
sunjreMatch5.0update_13
OR
sunjreMatch5.0update_14
OR
sunjreMatch5.0update_15
OR
sunjreMatch5.0update_2
OR
sunjreMatch5.0update_3
OR
sunjreMatch5.0update_4
OR
sunjreMatch5.0update_5
OR
sunjreMatch5.0update_6
OR
sunjreMatch5.0update_7
OR
sunjreMatch5.0update_8
OR
sunjreMatch5.0update_9
OR
sunjreMatch6
OR
sunjreMatch6update_1
OR
sunjreMatch6update_2
OR
sunjreMatch6update_3
OR
sunjreMatch6update_4
OR
sunjreMatch6update_5
OR
sunjreMatch6update_6
OR
sunjreMatch6update_7
OR
sunjreMatch6update_8
OR
sunjreMatch6update_9
OR
sunsdkRange1.4.2_18
OR
sunsdkMatch1.4.2_1
OR
sunsdkMatch1.4.2_2
OR
sunsdkMatch1.4.2_3
OR
sunsdkMatch1.4.2_4
OR
sunsdkMatch1.4.2_5
OR
sunsdkMatch1.4.2_6
OR
sunsdkMatch1.4.2_7
OR
sunsdkMatch1.4.2_8
OR
sunsdkMatch1.4.2_9
OR
sunsdkMatch1.4.2_10
OR
sunsdkMatch1.4.2_11
OR
sunsdkMatch1.4.2_12
OR
sunsdkMatch1.4.2_13
OR
sunsdkMatch1.4.2_14
OR
sunsdkMatch1.4.2_15
OR
sunsdkMatch1.4.2_16
OR
sunsdkMatch1.4.2_17

References

Related

cve 1
canvas 2
packetstorm 2
seebug 7
threatpost 3
cvelist 1
exploitpack 2
metasploit 1
prion 1
ubuntucve 1
symantec 1
exploitdb 4
checkpoint_advisories 1
openvas 41
nessus 32
securityvulns 2
redhat 6
ubuntu 1
fedora 2
suse 3
vmware 2
oracle 1
gentoo 1
cve
cve
CVE-2008-5353
2008-12-05 11:30:00
canvas
canvas
Immunity Canvas: JAVA_DESERIALIZE
2008-12-05 06:30:00
Immunity Canvas: JAVA_DESERIALIZE_WIN32
2008-12-05 11:30:00
packetstorm
packetstorm
Sun Java Calendar Deserialization
2009-10-27 00:00:00
Signed Applet Social Engineering Code Exec
2010-02-05 00:00:00
seebug
seebug
Mac OS X - Java applet Remote Deserialization Remote PoC (updated)
2014-07-01 00:00:00
Sun Java Runtime and Development Kit <= 6 update 10 Calendar Deserialization Exploit
2008-12-03 00:00:00
Sun Java Calendar Deserialization Exploit
2014-07-01 00:00:00
threatpost
threatpost
Serious Mac OS X Java vulnerability disclosed
2009-05-20 17:37:46
Chorus Grows Louder to Disable Java 7 After Exploit Hits Mainstream
2012-08-30 02:03:14
Java Still a Favorite Target of Attackers
2011-11-30 19:39:18
cvelist
cvelist
CVE-2008-5353
2008-12-05 11:00:00
exploitpack
exploitpack
Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization (Metasploit)
2008-12-03 00:00:00
Apple Mac OSX - Java applet Remote Deserialization Remote (2)
2009-05-20 00:00:00
metasploit
metasploit
Sun Java Calendar Deserialization Privilege Escalation
2009-12-15 20:37:15
prion
prion
Deserialization of untrusted data
2008-12-05 11:30:00
ubuntucve
ubuntucve
CVE-2008-5353
2008-12-05 00:00:00
symantec
symantec
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
2008-12-03 00:00:00
exploitdb
exploitdb
Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization (Metasploit)
2008-12-03 00:00:00
Sun Java - Calendar Deserialization (Metasploit)
2010-09-20 00:00:00
Signed Applet Social Engineering - Code Execution (Metasploit)
2011-01-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Java Signed Applet (CVE-2008-5353; CVE-2010-0094; CVE-2010-0840)
2011-11-01 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-713-1)
2009-02-02 00:00:00
Ubuntu USN-713-1 (openjdk-6)
2009-02-02 00:00:00
RedHat Security Advisory RHSA-2009:0015
2009-01-20 00:00:00
nessus
nessus
Ubuntu 8.10 : OpenJDK vulnerabilities (USN-713-1)
2009-04-23 00:00:00
RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:0015)
2009-08-24 00:00:00
Fedora 9 : java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9 (2008-10860)
2008-12-08 00:00:00
securityvulns
securityvulns
[USN-713-1] openjdk-6 vulnerabilities
2009-01-31 00:00:00
Sun Java JRE / JDK / Web Start multiple security vulnerabilities
2009-04-23 00:00:00
redhat
redhat
(RHSA-2009:0015) Critical: java-1.6.0-ibm security update
2009-01-13 00:00:00
(RHSA-2009:0466) Low: java-1.5.0-ibm security update
2009-05-07 00:00:00
(RHSA-2009:0445) Critical: java-1.4.2-ibm security update
2009-04-23 00:00:00
ubuntu
ubuntu
openjdk-6 vulnerabilities
2009-01-27 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-7.b12.fc10
2008-12-07 04:33:22
[SECURITY] Fedora 9 Update: java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9
2008-12-07 04:27:51
suse
suse
local privilege escalation in IBMJava5-JRE,java-1_5_0-ibm
2009-01-29 14:08:00
remote code execution in IBM Java 1.4.2 and 6
2009-04-07 14:51:07
remote code execution in Sun Java
2009-01-09 15:49:38
vmware
vmware
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00
oracle
oracle
cpuapr2009.html
2009-04-14 00:00:00
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2009-11-17 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

High

0.971 High

EPSS

Percentile

99.8%

JSON
Related for NVD:CVE-2008-5353
cve1canvas2packetstorm2seebug7threatpost3cvelist1exploitpack2metasploit1prion1ubuntucve1symantec1exploitdb4checkpoint_advisories1openvas41nessus32securityvulns2redhat6ubuntu1fedora2suse3vmware2oracle1gentoo1