CVE-2008-1187

medium

Description

Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.

References

http://dev2dev.bea.com/pub/advisory/277

http://download.novell.com/Download?buildid=q5exhSqeBjA~

http://jvn.jp/en/jp/JVN04032535/index.html

http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000016.html

http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html

http://secunia.com/advisories/29239

http://secunia.com/advisories/29273

http://secunia.com/advisories/29498

http://secunia.com/advisories/29582

http://secunia.com/advisories/29841

http://secunia.com/advisories/29858

http://secunia.com/advisories/29897

http://secunia.com/advisories/29999

http://secunia.com/advisories/30003

http://secunia.com/advisories/30676

http://secunia.com/advisories/30780

http://secunia.com/advisories/31067

http://secunia.com/advisories/31497

http://secunia.com/advisories/31580

http://secunia.com/advisories/31586

http://secunia.com/advisories/32018

http://security.gentoo.org/glsa/glsa-200804-28.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-233322-1

http://support.apple.com/kb/HT3178

http://support.apple.com/kb/HT3179

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html

http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml

http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml

http://www.redhat.com/support/errata/RHSA-2008-0186.html

http://www.redhat.com/support/errata/RHSA-2008-0210.html

http://www.redhat.com/support/errata/RHSA-2008-0243.html

http://www.redhat.com/support/errata/RHSA-2008-0244.html

http://www.redhat.com/support/errata/RHSA-2008-0245.html

http://www.redhat.com/support/errata/RHSA-2008-0267.html

http://www.redhat.com/support/errata/RHSA-2008-0555.html

http://www.securitytracker.com/id?1019548

http://www.us-cert.gov/cas/techalerts/TA08-066A.html

http://www.vmware.com/security/advisories/VMSA-2008-0010.html

http://www.vupen.com/english/advisories/2008/0770/references

http://www.vupen.com/english/advisories/2008/1252

http://www.vupen.com/english/advisories/2008/1856/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41025

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10278

Details

Source: MITRE

Published: 2008-03-06

Updated: 2017-09-29

Type: CWE-264

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:update_14:*:*:*:*:*:* versions up to 5.0 (inclusive)

cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:update_4:*:*:*:*:*:* versions up to 6 (inclusive)

cpe:2.3:a:sun:jre:1.4.2_01:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_02:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_03:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_04:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_05:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_06:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_07:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:*:*:*:*:*:*:* versions up to 1.4.2_14 (inclusive)

cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update_14:*:*:*:*:*:* versions up to 5.0 (inclusive)

cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update_4:*:*:*:*:*:* versions up to 6 (inclusive)

cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:* versions up to 1.4.2_16 (inclusive)

Tenable Plugins

View all (22 total)

ID | Name | Product | Family | Severity
63854 | RHEL 5 : java-1.6.0-ibm (RHSA-2008:0267) | Nessus | Red Hat Local Security Checks | high
63852 | RHEL 5 : java-1.6.0-bea (RHSA-2008:0245) | Nessus | Red Hat Local Security Checks | high
60440 | Scientific Linux Security Update : java (jdk 1.5.0) on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical
41226 | SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12210) | Nessus | SuSE Local Security Checks | medium
41210 | SuSE9 Security Update : IBM Java 2 JRE and SDK (YOU Patch Number 12142) | Nessus | SuSE Local Security Checks | high
40722 | RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2008:0555) | Nessus | Red Hat Local Security Checks | medium
40721 | RHEL 4 / 5 : java-1.5.0-bea (RHSA-2008:0244) | Nessus | Red Hat Local Security Checks | high
40720 | RHEL 3 / 4 / 5 : java-1.4.2-bea (RHSA-2008:0243) | Nessus | Red Hat Local Security Checks | medium
40718 | RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2008:0210) | Nessus | Red Hat Local Security Checks | critical
40717 | RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:0186) | Nessus | Red Hat Local Security Checks | high
40379 | VMSA-2008-0010 : Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter | Nessus | VMware ESX Local Security Checks | critical
40371 | VMSA-2008-00010 : Updated Tomcat and Java JRE packages for VMware, ESX 3.5 and VirtualCenter 2.5 (DEPRECATED) | Nessus | VMware ESX Local Security Checks | critical
34291 | Mac OS X : Java for Mac OS X 10.4 Release 7 | Nessus | MacOS X Local Security Checks | high
34290 | Mac OS X : Java for Mac OS X 10.5 Update 2 | Nessus | MacOS X Local Security Checks | high
34024 | SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 5465) | Nessus | SuSE Local Security Checks | medium
32050 | SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5183) | Nessus | SuSE Local Security Checks | critical
32049 | SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 5182) | Nessus | SuSE Local Security Checks | high
32013 | GLSA-200804-20 : Sun JDK/JRE: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical
31774 | openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5132) | Nessus | SuSE Local Security Checks | high
31773 | openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5133) | Nessus | SuSE Local Security Checks | high
31772 | SuSE 10 Security Update : Sun Java (ZYPP Patch Number 5131) | Nessus | SuSE Local Security Checks | high
31771 | openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-5130) | Nessus | SuSE Local Security Checks | high