CVE-2008-1191

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190, aka "The fifth issue."

References

http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html

http://secunia.com/advisories/29239

http://secunia.com/advisories/29273

http://secunia.com/advisories/29582

http://secunia.com/advisories/29858

http://secunia.com/advisories/30676

http://secunia.com/advisories/30780

http://secunia.com/advisories/32018

http://security.gentoo.org/glsa/glsa-200804-28.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-233323-1

http://support.apple.com/kb/HT3178

http://support.apple.com/kb/HT3179

http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml

http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml

http://www.redhat.com/support/errata/RHSA-2008-0186.html

http://www.redhat.com/support/errata/RHSA-2008-0267.html

http://www.securitytracker.com/id?1019549

http://www.us-cert.gov/cas/techalerts/TA08-066A.html

http://www.vmware.com/security/advisories/VMSA-2008-0010.html

http://www.vupen.com/english/advisories/2008/0770/references

http://www.vupen.com/english/advisories/2008/1856/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41029

https://exchange.xforce.ibmcloud.com/vulnerabilities/41136

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10167

Details

Source: MITRE

Published: 2008-03-06

Updated: 2017-09-29

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sun:jdk:*:*:*:*:*:*:*:* versions up to 6_update_4 (inclusive)

cpe:2.3:a:sun:jre:*:*:*:*:*:*:*:* versions up to 6_update_4 (inclusive)

Tenable Plugins

View all (12 total)

IDNameProductFamilySeverity
63854RHEL 5 : java-1.6.0-ibm (RHSA-2008:0267)NessusRed Hat Local Security Checks
high
60440Scientific Linux Security Update : java (jdk 1.5.0) on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
40717RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:0186)NessusRed Hat Local Security Checks
high
40379VMSA-2008-0010 : Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenterNessusVMware ESX Local Security Checks
critical
40371VMSA-2008-00010 : Updated Tomcat and Java JRE packages for VMware, ESX 3.5 and VirtualCenter 2.5 (DEPRECATED)NessusVMware ESX Local Security Checks
critical
34291Mac OS X : Java for Mac OS X 10.4 Release 7NessusMacOS X Local Security Checks
high
34290Mac OS X : Java for Mac OS X 10.5 Update 2NessusMacOS X Local Security Checks
high
32013GLSA-200804-20 : Sun JDK/JRE: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
31774openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5132)NessusSuSE Local Security Checks
high
31773openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5133)NessusSuSE Local Security Checks
high
31772SuSE 10 Security Update : Sun Java (ZYPP Patch Number 5131)NessusSuSE Local Security Checks
high
31771openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-5130)NessusSuSE Local Security Checks
high