10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.057 Low
EPSS
Percentile
92.5%
The Java Runtime Environment (JRE) contains the software and tools that
users need to run applets and applications written using the Java
programming language.
A vulnerability was found in the Java Management Extensions (JMX)
management agent, when local monitoring is enabled. This allowed remote
attackers to perform illegal operations. (CVE-2008-3103)
Multiple vulnerabilities with unsigned applets were reported. A remote
attacker could misuse an unsigned applet to connect to localhost services
running on the host running the applet. (CVE-2008-3104)
Several vulnerabilities in the Java API for XML Web Services (JAX-WS)
client and service implementation were found. A remote attacker who caused
malicious XML to be processed by a trusted or untrusted application was
able access URLs or cause a denial of service. (CVE-2008-3105, CVE-2008-3106)
A JRE vulnerability could be triggered by an untrusted application or
applet. A remote attacker could grant an untrusted applet or application
extended privileges such as being able to read and write local files, or
execute local programs. (CVE-2008-3107)
Several vulnerabilities within the JRE scripting support were reported. A
remote attacker could grant an untrusted applet extended privileges such as
reading and writing local files, executing local programs, or querying the
sensitive data of other applets. (CVE-2008-3109, CVE-2008-3110)
A vulnerability in Java Web Start was found. A remote attacker was able to
create arbitrary files with the permissions of the user running the
untrusted Java Web Start application. (CVE-2008-3112)
Another vulnerability in Java Web Start when processing untrusted
applications was reported. An attacker was able to acquire sensitive
information, such as the cache location. (CVE-2008-3114)
Users of java-1.6.0-sun should upgrade to these updated packages, which
correct these issues.