CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.057 Low
Percentile: 92.5%

The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.

A flaw was found in the Java Management Extensions (JMX) management agent.
When local monitoring is enabled, remote attackers could use this flaw to
perform illegal operations. (CVE-2008-3103)

Several flaws involving the handling of unsigned applets were found. A
remote attacker could misuse an unsigned applet in order to connect to
services on the host running the applet. (CVE-2008-3104)

Several flaws in the Java API for XML Web Services (JAX-WS) client and the
JAX-WS service implementation were found. A remote attacker who could cause
malicious XML to be processed by an application could access URLs, or cause
a denial of service. (CVE-2008-3105, CVE-2008-3106)

Several flaws within the Java Runtime Environment (JRE) scripting support
were found. A remote attacker could grant an untrusted applet extended
privileges, such as reading and writing local files, executing
local programs, or querying the sensitive data of other applets.
(CVE-2008-3109, CVE-2008-3110)

A flaw in Java Web Start was found. Using an untrusted Java Web
Start application, a remote attacker could create or delete arbitrary
files with the permissions of the user running the untrusted application.
(CVE-2008-3112)

A flaw in Java Web Start when processing untrusted applications was found.
An attacker could use this flaw to acquire sensitive information, such as
the location of the cache. (CVE-2008-3114)

All users of java-1.6.0-ibm are advised to upgrade to these updated
packages, containing the IBM 1.6.0 SR2 Java release, which resolves these
issues.