Lucene search
Ubuntu.comUB:CVE-2008-5355HistoryDec 05, 2008 - 12:00 a.m.
CVE-2008-5355
2008-12-0500:00:00
ubuntu.com
ubuntu.com
9
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.111 Low
EPSS
Percentile
95.1%
The “Java Update” feature for Java Runtime Environment (JRE) for Sun JDK
and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and
SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE
that is downloaded, which allows remote attackers to execute arbitrary code
via DNS man-in-the-middle attacks.
Notes
| Author | Note |
|---|---|
| kees | http://sunsolve.sun.com/search/document.do?assetkey=1-26-244989-1 6728071 internal Java Updates are disabled on Ubuntu |
Related
prion
prion
Design/Logic Flaw
2008-12-05 11:30:00
cve
cve
CVE-2008-5355
2008-12-05 11:30:00
nessus
nessus
Sun Java JRE Multiple Vulnerabilities (244986 et al) (Unix)
2013-02-22 00:00:00
RHEL 4 / 5 : java-1.6.0-sun (RHSA-2008:1018)
2009-08-24 00:00:00
Sun Java JRE Multiple Vulnerabilities (244986 et al)
2008-12-04 00:00:00
suse
suse
remote code execution in Sun Java
2009-01-09 15:49:38
openvas
openvas
SuSE Security Advisory SUSE-SA:2009:001 (Sun Java)
2009-01-13 00:00:00
SLES9: Security update for Sun Java
2009-10-10 00:00:00
SLES9: Security update for Sun Java
2009-10-10 00:00:00
seebug
seebug
Sun Java JDK/JRE安全更新修复多个漏洞
2008-12-09 00:00:00
vmware
vmware
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2009-11-17 00:00:00
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.111 Low
EPSS
Percentile
95.1%
Related for UB:CVE-2008-5355