Login

Tenable Community & Support

Tenable University

CVE-2008-3107

HIGH

Description

Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.

References

http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html

http://marc.info/?l=bugtraq&m=122331139823057&w=2

http://secunia.com/advisories/31010

http://secunia.com/advisories/31055

http://secunia.com/advisories/31497

http://secunia.com/advisories/31600

http://secunia.com/advisories/32018

http://secunia.com/advisories/32179

http://secunia.com/advisories/32180

http://secunia.com/advisories/37386

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-66-238967-1

http://support.apple.com/kb/HT3178

http://support.apple.com/kb/HT3179

http://www.redhat.com/support/errata/RHSA-2008-0594.html

http://www.redhat.com/support/errata/RHSA-2008-0595.html

http://www.securityfocus.com/archive/1/497041/100/0/threaded

http://www.securityfocus.com/bid/30141

http://www.securitytracker.com/id?1020455

http://www.us-cert.gov/cas/techalerts/TA08-193A.html

http://www.vmware.com/security/advisories/VMSA-2008-0016.html

http://www.vupen.com/english/advisories/2008/2056/references

http://www.vupen.com/english/advisories/2008/2740

https://exchange.xforce.ibmcloud.com/vulnerabilities/43659

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10219

Details

Source: MITRE

Published: 2008-07-09

Updated: 2018-10-30

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:update_15:*:*:*:*:*:* versions up to 5.0 (inclusive)

cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:update_6:*:*:*:*:*:* versions up to 6 (inclusive)

cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_01:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_02:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_04:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_05:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_06:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_07:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:*:*:*:*:*:*:* versions up to 1.4.2_17 (inclusive)

cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update_15:*:*:*:*:*:* versions up to 5.0 (inclusive)

cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update_6:*:*:*:*:*:* versions up to 6 (inclusive)

cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*

cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:* versions up to 1.4.2_17 (inclusive)

Tenable Plugins

View all (22 total)

ID	Name	Product	Family	Severity
69874	Juniper NSM Servers Multiple Java JDK/JRE Vulnerabilities (PSN-2012-08-689)	Nessus	Misc.	critical
64833	Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities (Unix)	Nessus	Misc.	critical
64832	Sun Java JDK/JRE 5 < Update 16 Multiple Vulnerabilities (Unix)	Nessus	Misc.	critical
64817	Sun Java J2SE 1.4.2 < Update 18 Multiple Vulnerabilities (Unix)	Nessus	Misc.	critical
63858	RHEL 5 : java-1.6.0-sun (RHSA-2008:0594)	Nessus	Red Hat Local Security Checks	critical
60440	Scientific Linux Security Update : java (jdk 1.5.0) on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
43841	RHEL 4 : Sun Java Runtime in Satellite Server (RHSA-2008:0636)	Nessus	Red Hat Local Security Checks	critical
42834	GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
41224	SuSE9 Security Update : Java2 (YOU Patch Number 12206)	Nessus	SuSE Local Security Checks	critical
40723	RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:0595)	Nessus	Red Hat Local Security Checks	critical
40383	VMSA-2008-0016 : VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues	Nessus	VMware ESX Local Security Checks	critical
40001	openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-97)	Nessus	SuSE Local Security Checks	critical
39996	openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-96)	Nessus	SuSE Local Security Checks	critical
34291	Mac OS X : Java for Mac OS X 10.4 Release 7	Nessus	MacOS X Local Security Checks	high
34290	Mac OS X : Java for Mac OS X 10.5 Update 2	Nessus	MacOS X Local Security Checks	high
34038	openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5435)	Nessus	SuSE Local Security Checks	critical
34037	openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5434)	Nessus	SuSE Local Security Checks	critical
34036	SuSE 10 Security Update : Java 1.4.2 (ZYPP Patch Number 5431)	Nessus	SuSE Local Security Checks	critical
34035	openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-5430)	Nessus	SuSE Local Security Checks	critical
33488	Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities	Nessus	Windows	high
33487	Sun Java JDK/JRE 5 < Update 16 Multiple Vulnerabilities	Nessus	Windows	high
33486	Sun Java J2SE 1.4.2 < Update 18 Multiple Vulnerabilities	Nessus	Windows	high