RedHatRHSA-2008:1025

HistoryDec 04, 2008 - 12:00 a.m.

(RHSA-2008:1025) Critical: java-1.5.0-sun security update

2008-12-0400:00:00

access.redhat.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON

The Java Runtime Environment (JRE) contains the software and tools that
users need to run applets and applications written using the Java
programming language.

A vulnerability was found in in Java Web Start. If a user visits a
malicious website, an attacker could misuse this flaw to execute arbitrary
code. (CVE-2008-2086)

Additionally, these packages fix several other vulnerabilities. These are
summarized in the “Advance notification of Security Updates for Java SE”
from Sun Microsystems.

Users of java-1.5.0-sun should upgrade to these updated packages, which
correct these issues.

nessus 42

openvas 54

redhat 7

suse 3

seebug 7

fedora 2

securityvulns 3

ubuntu 1

vmware 2

prion 20

cve 20

zdi 2

ubuntucve 12

saint 4

canvas 2

packetstorm 2

checkpoint_advisories 4

threatpost 2

exploitpack 2

metasploit 1

symantec 1

gentoo 1

exploitdb 4

oracle 1

nessus

SuSE9 Security Update : IBM Java5 JRE and SDK (YOU Patch Number 12336)

2009-09-24 00:00:00

RHEL 5 : java-1.5.0-sun (RHSA-2008:1025)

2009-08-24 00:00:00

RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:0016)

2009-08-24 00:00:00

openvas

SLES10: Security update for IBM Java 1.5.0

2009-10-13 00:00:00

SLES10: Security update for IBM Java 1.4.2

2009-10-13 00:00:00

SLES9: Security update for IBM Java5 JRE and SDK

2009-10-10 00:00:00

redhat

(RHSA-2009:0016) Critical: java-1.5.0-ibm security update

2009-01-13 00:00:00

(RHSA-2009:0445) Critical: java-1.4.2-ibm security update

2009-04-23 00:00:00

(RHSA-2008:1018) Critical: java-1.6.0-sun security update

2008-12-04 00:00:00

suse

local privilege escalation in IBMJava5-JRE,java-1_5_0-ibm

2009-01-29 14:08:00

remote code execution in IBM Java 1.4.2 and 6

2009-04-07 14:51:07

remote code execution in Sun Java

2009-01-09 15:49:38

seebug

Sun Java JDK/JRE安全更新修复多个漏洞

2008-12-09 00:00:00

Mac OS X - Java applet Remote Deserialization Remote PoC (updated)

2014-07-01 00:00:00

Sun Java Runtime and Development Kit <= 6 update 10 Calendar Deserialization Exploit

2008-12-03 00:00:00

fedora

[SECURITY] Fedora 9 Update: java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9

2008-12-07 04:27:51

[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-7.b12.fc10

2008-12-07 04:33:22

securityvulns

Sun Java JRE / JDK / Web Start multiple security vulnerabilities

2009-04-23 00:00:00

[USN-713-1] openjdk-6 vulnerabilities

2009-01-31 00:00:00

[Full-disclosure] CVE-2008-2086: Java Web Start File Inclusion via System Properties Override

2008-12-04 00:00:00

ubuntu

openjdk-6 vulnerabilities

2009-01-27 00:00:00

vmware

VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues

2009-10-16 00:00:00

VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues

2009-10-16 00:00:00

prion

Authentication flaw

2008-12-05 11:30:00

Security feature bypass

2008-12-05 11:30:00

Heap overflow

2008-12-05 11:30:00

cve

CVE-2008-5359

2008-12-05 11:30:00

CVE-2008-5349

2008-12-05 11:30:00

CVE-2008-5348

2008-12-05 11:30:00

zdi

Sun Java AWT Library Sandbox Violation Vulnerability

2008-12-04 00:00:00

Sun Java Web Start and Applet Multiple Sandbox Bypass Vulnerabilities

2008-12-04 00:00:00

ubuntucve

CVE-2008-5349

2008-12-05 00:00:00

CVE-2008-5350

2008-12-05 00:00:00

CVE-2008-5357

2008-12-05 00:00:00

saint

Java Runtime Environment JAR manifest Main Class buffer overflow

2009-02-26 00:00:00

Java Runtime Environment JAR manifest Main Class buffer overflow

2009-02-26 00:00:00

Java Runtime Environment JAR manifest Main Class buffer overflow

2009-02-26 00:00:00

canvas

Immunity Canvas: JAVA_DESERIALIZE

2008-12-05 06:30:00

Immunity Canvas: JAVA_DESERIALIZE_WIN32

2008-12-05 11:30:00

packetstorm

Sun Java Calendar Deserialization

2009-10-27 00:00:00

Signed Applet Social Engineering Code Exec

2010-02-05 00:00:00

checkpoint_advisories

Sun Java Runtime Environment JAR File Processing Stack Buffer Overflow (CVE-2008-5354)

2010-07-13 00:00:00

Sun Java Web Start Splashscreen GIF Decoding Buffer Overflow (CVE-2008-2086)

2009-12-28 00:00:00

Sun Java Runtime Environment Abstract Windowing Toolkit Memory Corruption (CVE-2008-5359)

2010-06-23 00:00:00

threatpost

Serious Mac OS X Java vulnerability disclosed

2009-05-20 17:37:46

Chorus Grows Louder to Disable Java 7 After Exploit Hits Mainstream

2012-08-30 02:03:14

exploitpack

Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization (Metasploit)

2008-12-03 00:00:00

Apple Mac OSX - Java applet Remote Deserialization Remote (2)

2009-05-20 00:00:00

metasploit

Sun Java Calendar Deserialization Privilege Escalation

2009-12-15 20:37:15

symantec

Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities

2008-12-03 00:00:00

gentoo

Sun JDK/JRE: Multiple vulnerabilities

2009-11-17 00:00:00

exploitdb

Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization (Metasploit)

2008-12-03 00:00:00

Apple Mac OSX - Java applet Remote Deserialization Remote (2)

2009-05-20 00:00:00

Signed Applet Social Engineering - Code Execution (Metasploit)

2011-01-08 00:00:00

oracle

cpuapr2009.html

2009-04-14 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON

Related for RHSA-2008:1025