CVE-2008-5341

critical

Description

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6529

http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf

http://www.vupen.com/english/advisories/2009/0672

http://www.vupen.com/english/advisories/2008/3339

http://www.us-cert.gov/cas/techalerts/TA08-340A.html

http://www.redhat.com/support/errata/RHSA-2009-0369.html

http://www.redhat.com/support/errata/RHSA-2009-0016.html

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm

http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm

http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://secunia.com/advisories/38539

http://secunia.com/advisories/37386

http://secunia.com/advisories/34605

http://secunia.com/advisories/34447

http://secunia.com/advisories/34233

http://secunia.com/advisories/33710

http://secunia.com/advisories/33015

http://secunia.com/advisories/32991

http://rhn.redhat.com/errata/RHSA-2008-1025.html

http://rhn.redhat.com/errata/RHSA-2008-1018.html

http://marc.info/?l=bugtraq&m=126583436323697&w=2

http://marc.info/?l=bugtraq&m=123678756409861&w=2

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html

Details

Source: Mitre, NVD

Published: 2008-12-05

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical