This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Unix host contains a runtime environment that is affected by
The version of Sun Java Runtime Environment (JRE) installed on the
remote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 /
1.3.1_24. Such versions are potentially affected by the following
security issues :
- The JRE creates temporary files with insufficiently
random names. (244986)
- There are multiple buffer overflow vulnerabilities
involving the JRE's image processing code, its
handling of GIF images, and its font processing.
- It may be possible for an attacker to bypass security
checks due to the manner in which it handles the
'non-shortest form' of UTF-8 byte sequences.
- There are multiple security vulnerabilities in Java
Web Start and Java Plug-in that may allow for privilege
- The JRE Java Update mechanism does not check the digital
signature of the JRE that it downloads. (244989)
- A buffer overflow may allow an untrusted Java
application that is launched through the command line to
elevate its privileges. (244990)
- A vulnerability related to deserializing calendar
objects may allow an untrusted applet or application to
elevate its privileges. (244991)
- A buffer overflow affects the 'unpack200' JAR unpacking
utility and may allow an untrusted applet or application
to elevate its privileges with unpacking applets and
Java Web Start applications. (244992)
- The UTF-8 decoder accepts encodings longer than the
'shortest' form. Although not a vulnerability per se,
it may be leveraged to exploit software that relies on
the JRE UTF-8 decoder to reject the 'non-shortest form'
- An untrusted applet or application may be able to list
the contents of the home directory of the user running
the applet or application. (246266)
- A denial of service vulnerability may be triggered when
the JRE handles certain RSA public keys. (246286)
- A vulnerability may be triggered while authenticating
users through Kerberos and lead to a system-wide denial
of service due to excessive consumption of operating
system resources. (246346)
- Security vulnerabilities in the JAX-WS and JAXB packages
where internal classes can be accessed may allow an
untrusted applet or application to elevate privileges.
- An untrusted applet or application when parsing zip
files may be able to read arbitrary memory locations in
the process that the applet or application is running.
- The JRE allows code loaded from the local filesystem to
access localhost. (246387)
See also :
Update to Sun Java JDK / JRE 6 Update 11, JDK / JRE 5.0 Update 17, SDK
/ JRE 1.4.2_19, or SDK / JRE 1.3.1_24 or later and remove, if necessary,
any affected versions.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true
Nessus Plugin ID: 64828 ()
Bugtraq ID: 30633326083262032892
CVE ID: CVE-2008-2086CVE-2008-5339CVE-2008-5340CVE-2008-5341CVE-2008-5342CVE-2008-5343CVE-2008-5344CVE-2008-5345CVE-2008-5346CVE-2008-5347CVE-2008-5348CVE-2008-5349CVE-2008-5350CVE-2008-5351CVE-2008-5352CVE-2008-5353CVE-2008-5354CVE-2008-5355CVE-2008-5356CVE-2008-5357CVE-2008-5358CVE-2008-5359CVE-2008-5360
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.