CVE-2008-5347

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages.

References

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html

http://marc.info/?l=bugtraq&m=123678756409861&w=2

http://marc.info/?l=bugtraq&m=126583436323697&w=2

http://osvdb.org/50506

http://rhn.redhat.com/errata/RHSA-2008-1018.html

http://secunia.com/advisories/32991

http://secunia.com/advisories/33015

http://secunia.com/advisories/33528

http://secunia.com/advisories/33709

http://secunia.com/advisories/34233

http://secunia.com/advisories/34259

http://secunia.com/advisories/37386

http://secunia.com/advisories/38539

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-246366-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019798.1-1

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

http://www.redhat.com/support/errata/RHSA-2009-0015.html

http://www.securityfocus.com/bid/32608

http://www.securitytracker.com/id?1021307

http://www.us-cert.gov/cas/techalerts/TA08-340A.html

http://www.vupen.com/english/advisories/2008/3339

http://www.vupen.com/english/advisories/2009/0672

http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf

https://exchange.xforce.ibmcloud.com/vulnerabilities/47068

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5633

Details

Source: MITRE

Published: 2008-12-05

Updated: 2017-09-29

Type: CWE-264

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (23 total)

IDNameProductFamilySeverity
89116VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0014) (remote check)NessusMisc.
critical
64828Sun Java JRE Multiple Vulnerabilities (244986 et al) (Unix)NessusMisc.
critical
43143HP-UX PHSS_40375 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 25NessusHP-UX Local Security Checks
critical
43142HP-UX PHSS_40374 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 25NessusHP-UX Local Security Checks
critical
42834GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
42179VMSA-2009-0014 : VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issuesNessusVMware ESX Local Security Checks
high
41526SuSE 10 Security Update : Sun Java 1.4.2 (ZYPP Patch Number 5852)NessusSuSE Local Security Checks
critical
41263SuSE9 Security Update : Sun Java (YOU Patch Number 12321)NessusSuSE Local Security Checks
critical
40737RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:0015)NessusRed Hat Local Security Checks
critical
40732RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:1025)NessusRed Hat Local Security Checks
critical
40731RHEL 4 / 5 : java-1.6.0-sun (RHSA-2008:1018)NessusRed Hat Local Security Checks
critical
40241openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-376)NessusSuSE Local Security Checks
critical
40238openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-578)NessusSuSE Local Security Checks
critical
40235openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375)NessusSuSE Local Security Checks
critical
40002openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-376)NessusSuSE Local Security Checks
critical
39997openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375)NessusSuSE Local Security Checks
critical
39435Mac OS X : Java for Mac OS X 10.5 Update 4NessusMacOS X Local Security Checks
high
37381Ubuntu 8.10 : OpenJDK vulnerabilities (USN-713-1)NessusUbuntu Local Security Checks
critical
37147Fedora 10 : java-1.6.0-openjdk-1.6.0.0-7.b12.fc10 (2008-10913)NessusFedora Local Security Checks
critical
35306openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5876)NessusSuSE Local Security Checks
critical
35305openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5875)NessusSuSE Local Security Checks
critical
35046Fedora 9 : java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9 (2008-10860)NessusFedora Local Security Checks
critical
35030Sun Java JRE Multiple Vulnerabilities (244986 et al)NessusWindows
high