CVE-2008-5347

high

New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages.

References

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html

http://marc.info/?l=bugtraq&m=123678756409861&w=2

http://marc.info/?l=bugtraq&m=126583436323697&w=2

http://osvdb.org/50506

http://rhn.redhat.com/errata/RHSA-2008-1018.html

http://secunia.com/advisories/32991

http://secunia.com/advisories/33015

http://secunia.com/advisories/33528

http://secunia.com/advisories/33709

http://secunia.com/advisories/34233

http://secunia.com/advisories/34259

http://secunia.com/advisories/37386

http://secunia.com/advisories/38539

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-246366-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019798.1-1

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

http://www.redhat.com/support/errata/RHSA-2009-0015.html

http://www.securityfocus.com/bid/32608

http://www.securitytracker.com/id?1021307

http://www.us-cert.gov/cas/techalerts/TA08-340A.html

http://www.vupen.com/english/advisories/2008/3339

http://www.vupen.com/english/advisories/2009/0672

http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf

https://exchange.xforce.ibmcloud.com/vulnerabilities/47068

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5633

Details

Source: MITRE

Published: 2008-12-05

Updated: 2017-09-29

Type: CWE-264

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:update_10:*:*:*:*:*:* versions up to 6 (inclusive)

cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update_10:*:*:*:*:*:* versions up to 6 (inclusive)

cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*

Tenable Plugins

View all (23 total)

ID	Name	Product	Family	Severity
89116	VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0014) (remote check)	Nessus	Misc.	critical
64828	Sun Java JRE Multiple Vulnerabilities (244986 et al) (Unix)	Nessus	Misc.	critical
43143	HP-UX PHSS_40375 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 25	Nessus	HP-UX Local Security Checks	critical
43142	HP-UX PHSS_40374 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 25	Nessus	HP-UX Local Security Checks	critical
42834	GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
42179	VMSA-2009-0014 : VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues	Nessus	VMware ESX Local Security Checks	high
41526	SuSE 10 Security Update : Sun Java 1.4.2 (ZYPP Patch Number 5852)	Nessus	SuSE Local Security Checks	critical
41263	SuSE9 Security Update : Sun Java (YOU Patch Number 12321)	Nessus	SuSE Local Security Checks	critical
40737	RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:0015)	Nessus	Red Hat Local Security Checks	critical
40732	RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:1025)	Nessus	Red Hat Local Security Checks	critical
40731	RHEL 4 / 5 : java-1.6.0-sun (RHSA-2008:1018)	Nessus	Red Hat Local Security Checks	critical
40241	openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-376)	Nessus	SuSE Local Security Checks	critical
40238	openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-578)	Nessus	SuSE Local Security Checks	critical
40235	openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375)	Nessus	SuSE Local Security Checks	critical
40002	openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-376)	Nessus	SuSE Local Security Checks	critical
39997	openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375)	Nessus	SuSE Local Security Checks	critical
39435	Mac OS X : Java for Mac OS X 10.5 Update 4	Nessus	MacOS X Local Security Checks	high
37381	Ubuntu 8.10 : OpenJDK vulnerabilities (USN-713-1)	Nessus	Ubuntu Local Security Checks	critical
37147	Fedora 10 : java-1.6.0-openjdk-1.6.0.0-7.b12.fc10 (2008-10913)	Nessus	Fedora Local Security Checks	critical
35306	openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5876)	Nessus	SuSE Local Security Checks	critical
35305	openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5875)	Nessus	SuSE Local Security Checks	critical
35046	Fedora 9 : java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9 (2008-10860)	Nessus	Fedora Local Security Checks	critical
35030	Sun Java JRE Multiple Vulnerabilities (244986 et al)	Nessus	Windows	high

CVE-2008-5347

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

critical

critical

critical

high

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

high

critical

critical

critical

critical

critical

high