CVE-2008-3109

HIGH

Description

Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.

References

http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html

http://marc.info/?l=bugtraq&m=122331139823057&w=2

http://secunia.com/advisories/31010

http://secunia.com/advisories/31600

http://secunia.com/advisories/32018

http://secunia.com/advisories/32179

http://secunia.com/advisories/32180

http://secunia.com/advisories/32436

http://secunia.com/advisories/33238

http://secunia.com/advisories/37386

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1

http://support.apple.com/kb/HT3179

http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm

http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm

http://www.redhat.com/support/errata/RHSA-2008-0594.html

http://www.redhat.com/support/errata/RHSA-2008-0906.html

http://www.redhat.com/support/errata/RHSA-2008-1045.html

http://www.securityfocus.com/archive/1/497041/100/0/threaded

http://www.securityfocus.com/bid/30144

http://www.securitytracker.com/id?1020456

http://www.us-cert.gov/cas/techalerts/TA08-193A.html

http://www.vmware.com/security/advisories/VMSA-2008-0016.html

http://www.vupen.com/english/advisories/2008/2056/references

http://www.vupen.com/english/advisories/2008/2740

https://exchange.xforce.ibmcloud.com/vulnerabilities/43660

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8540

Details

Source: MITRE

Published: 2008-07-09

Updated: 2018-10-11

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:update_6:*:*:*:*:*:* versions up to 6 (inclusive)

cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update_6:*:*:*:*:*:* versions up to 6 (inclusive)

Tenable Plugins

View all (12 total)

ID	Name	Product	Family	Severity
69874	Juniper NSM Servers Multiple Java JDK/JRE Vulnerabilities (PSN-2012-08-689)	Nessus	Misc.	critical
64833	Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities (Unix)	Nessus	Misc.	critical
63858	RHEL 5 : java-1.6.0-sun (RHSA-2008:0594)	Nessus	Red Hat Local Security Checks	critical
42834	GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
40735	RHEL 4 / 5 : java-1.6.0-bea (RHSA-2008:1045)	Nessus	Red Hat Local Security Checks	high
40728	RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2008:0906)	Nessus	Red Hat Local Security Checks	critical
40383	VMSA-2008-0016 : VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues	Nessus	VMware ESX Local Security Checks	critical
40001	openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-97)	Nessus	SuSE Local Security Checks	critical
34291	Mac OS X : Java for Mac OS X 10.4 Release 7	Nessus	MacOS X Local Security Checks	high
34290	Mac OS X : Java for Mac OS X 10.5 Update 2	Nessus	MacOS X Local Security Checks	high
34038	openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5435)	Nessus	SuSE Local Security Checks	critical
33488	Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities	Nessus	Windows	high