CVE-2008-5342

MEDIUM

Description

Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668.

References

http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

http://marc.info/?l=bugtraq&m=123678756409861&w=2

http://marc.info/?l=bugtraq&m=126583436323697&w=2

http://osvdb.org/50514

http://rhn.redhat.com/errata/RHSA-2008-1018.html

http://rhn.redhat.com/errata/RHSA-2008-1025.html

http://secunia.com/advisories/32991

http://secunia.com/advisories/33015

http://secunia.com/advisories/33710

http://secunia.com/advisories/34233

http://secunia.com/advisories/34447

http://secunia.com/advisories/34605

http://secunia.com/advisories/34889

http://secunia.com/advisories/35065

http://secunia.com/advisories/37386

http://secunia.com/advisories/38539

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1

http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm

http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

http://www.redhat.com/support/errata/RHSA-2009-0016.html

http://www.redhat.com/support/errata/RHSA-2009-0369.html

http://www.redhat.com/support/errata/RHSA-2009-0445.html

http://www.us-cert.gov/cas/techalerts/TA08-340A.html

http://www.vupen.com/english/advisories/2008/3339

http://www.vupen.com/english/advisories/2009/0424

http://www.vupen.com/english/advisories/2009/0672

http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6359

Details

Source: MITRE

Published: 2008-12-05

Updated: 2017-09-29

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM