Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2008-5353
HistoryDec 05, 2008 - 12:00 a.m.

CVE-2008-5353

2008-12-0500:00:00
ubuntu.com
ubuntu.com
26

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and
earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18
and earlier does not properly enforce context of ZoneInfo objects during
deserialization, which allows remote attackers to run untrusted applets and
applications in a privileged context, as demonstrated by “deserializing
Calendar objects”.

Notes

Author Note
kees http://sunsolve.sun.com/search/document.do?assetkey=1-26-244991-1 6734167
OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchopenjdk-6< 6b11-2ubuntu2.1UNKNOWN
ubuntu8.10noarchopenjdk-6< 6b12-0ubuntu6.1UNKNOWN
ubuntu8.04noarchsun-java5< 1.5.0-22-0ubuntu0.8.04UNKNOWN
ubuntu8.10noarchsun-java5< 1.5.0-19-0ubuntu0.8.10UNKNOWN
ubuntu9.04noarchsun-java5< 1.5.0-19-0ubuntu0.9.04UNKNOWN
ubuntu8.04noarchsun-java6< 6-17-0ubuntu1.8.04UNKNOWN
ubuntu8.10noarchsun-java6< 6-14-0ubuntu1.8.10UNKNOWN
ubuntu9.04noarchsun-java6< 6-16-0ubuntu1.9.04UNKNOWN
ubuntu9.10noarchsun-java6< 6-15-1UNKNOWN

Related

canvas 2
seebug 7
packetstorm 2
cve 1
threatpost 3
exploitpack 2
symantec 1
metasploit 1
prion 1
exploitdb 4
checkpoint_advisories 1
nessus 32
securityvulns 2
openvas 41
ubuntu 1
redhat 6
fedora 2
suse 3
vmware 2
oracle 1
gentoo 1
canvas
canvas
Immunity Canvas: JAVA_DESERIALIZE
2008-12-05 06:30:00
Immunity Canvas: JAVA_DESERIALIZE_WIN32
2008-12-05 11:30:00
seebug
seebug
Mac OS X - Java applet Remote Deserialization Remote PoC (updated)
2014-07-01 00:00:00
Sun Java Runtime and Development Kit &lt;= 6 update 10 Calendar Deserialization Exploit
2008-12-03 00:00:00
Sun Java Runtime and Development Kit <= 6 Update 10 - Calendar Deserialization Exploit
2014-07-01 00:00:00
packetstorm
packetstorm
Sun Java Calendar Deserialization
2009-10-27 00:00:00
Signed Applet Social Engineering Code Exec
2010-02-05 00:00:00
cve
cve
CVE-2008-5353
2008-12-05 11:30:00
threatpost
threatpost
Serious Mac OS X Java vulnerability disclosed
2009-05-20 17:37:46
Chorus Grows Louder to Disable Java 7 After Exploit Hits Mainstream
2012-08-30 02:03:14
Java Still a Favorite Target of Attackers
2011-11-30 19:39:18
exploitpack
exploitpack
Apple Mac OSX - Java applet Remote Deserialization Remote (2)
2009-05-20 00:00:00
Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization (Metasploit)
2008-12-03 00:00:00
symantec
symantec
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
2008-12-03 00:00:00
metasploit
metasploit
Sun Java Calendar Deserialization Privilege Escalation
2009-12-15 20:37:15
prion
prion
Deserialization of untrusted data
2008-12-05 11:30:00
exploitdb
exploitdb
Sun Java Runtime and Development Kit 6 Update 10 - Calendar Deserialization (Metasploit)
2008-12-03 00:00:00
Signed Applet Social Engineering - Code Execution (Metasploit)
2011-01-08 00:00:00
Apple Mac OSX - Java applet Remote Deserialization Remote (2)
2009-05-20 00:00:00
checkpoint_advisories
checkpoint_advisories
Java Signed Applet (CVE-2008-5353; CVE-2010-0094; CVE-2010-0840)
2011-11-01 00:00:00
nessus
nessus
Ubuntu 8.10 : OpenJDK vulnerabilities (USN-713-1)
2009-04-23 00:00:00
RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:0015)
2009-08-24 00:00:00
Fedora 10 : java-1.6.0-openjdk-1.6.0.0-7.b12.fc10 (2008-10913)
2009-04-23 00:00:00
securityvulns
securityvulns
[USN-713-1] openjdk-6 vulnerabilities
2009-01-31 00:00:00
Sun Java JRE / JDK / Web Start multiple security vulnerabilities
2009-04-23 00:00:00
openvas
openvas
Ubuntu USN-713-1 (openjdk-6)
2009-02-02 00:00:00
Ubuntu: Security Advisory (USN-713-1)
2009-02-02 00:00:00
RedHat Security Advisory RHSA-2009:0015
2009-01-20 00:00:00
ubuntu
ubuntu
openjdk-6 vulnerabilities
2009-01-27 00:00:00
redhat
redhat
(RHSA-2009:0015) Critical: java-1.6.0-ibm security update
2009-01-13 00:00:00
(RHSA-2009:0445) Critical: java-1.4.2-ibm security update
2009-04-23 00:00:00
(RHSA-2009:0466) Low: java-1.5.0-ibm security update
2009-05-07 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9
2008-12-07 04:27:51
[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-7.b12.fc10
2008-12-07 04:33:22
suse
suse
remote code execution in IBM Java 1.4.2 and 6
2009-04-07 14:51:07
local privilege escalation in IBMJava5-JRE,java-1_5_0-ibm
2009-01-29 14:08:00
remote code execution in Sun Java
2009-01-09 15:49:38
vmware
vmware
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00
oracle
oracle
cpuapr2009.html
2009-04-14 00:00:00
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2009-11-17 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON
Related for UB:CVE-2008-5353
canvas2seebug7packetstorm2cve1threatpost3exploitpack2symantec1metasploit1prion1exploitdb4checkpoint_advisories1nessus32securityvulns2openvas41ubuntu1redhat6fedora2suse3vmware2oracle1gentoo1