CVE-2008-5349

high

Description

Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

http://osvdb.org/50504

http://rhn.redhat.com/errata/RHSA-2008-1018.html

http://rhn.redhat.com/errata/RHSA-2008-1025.html

http://secunia.com/advisories/32991

http://secunia.com/advisories/33015

http://secunia.com/advisories/33709

http://secunia.com/advisories/34259

http://secunia.com/advisories/34972

http://secunia.com/advisories/35255

http://secunia.com/advisories/37386

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-246286-1

http://support.avaya.com/elmodocs2/security/ASA-2008-491.htm

http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

http://www.redhat.com/support/errata/RHSA-2009-0016.html

http://www.securityfocus.com/archive/1/504010/100/0/threaded

http://www.securityfocus.com/bid/32608

http://www.securitytracker.com/id?1021309

http://www.us-cert.gov/cas/techalerts/TA08-340A.html

http://www.vupen.com/english/advisories/2008/3339

http://www.vupen.com/english/advisories/2009/1426

http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf

https://exchange.xforce.ibmcloud.com/vulnerabilities/47064

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5843

https://rhn.redhat.com/errata/RHSA-2009-0466.html

Details

Source: MITRE

Published: 2008-12-05

Updated: 2018-10-11

Risk Information

CVSS v2

Base Score: 7.1

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:update_16:*:*:*:*:*:* versions up to 5.0 (inclusive)

cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:update_10:*:*:*:*:*:* versions up to 6 (inclusive)

cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:* versions up to 5.0 (inclusive)

cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update_10:*:*:*:*:*:* versions up to 6 (inclusive)

cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*

Tenable Plugins

View all (28 total)

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 89116 | VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0014) (remote check) | Nessus | Misc. | critical |
| 64828 | Sun Java JRE Multiple Vulnerabilities (244986 et al) (Unix) | Nessus | Misc. | critical |
| 49859 | SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 6523) | Nessus | SuSE Local Security Checks | high |
| 43843 | RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:0466) | Nessus | Red Hat Local Security Checks | critical |
| 42834 | GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 42179 | VMSA-2009-0014 : VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues | Nessus | VMware ESX Local Security Checks | high |
| 42135 | RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2009:1505) | Nessus | Red Hat Local Security Checks | high |
| 41967 | SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 6508) | Nessus | SuSE Local Security Checks | high |
| 41956 | SuSE 11 Security Update : IBM Java 1.4.2 (SAT Patch Number 1336) | Nessus | SuSE Local Security Checks | high |
| 41954 | SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12511) | Nessus | SuSE Local Security Checks | high |
| 41526 | SuSE 10 Security Update : Sun Java 1.4.2 (ZYPP Patch Number 5852) | Nessus | SuSE Local Security Checks | critical |
| 41263 | SuSE9 Security Update : Sun Java (YOU Patch Number 12321) | Nessus | SuSE Local Security Checks | critical |
| 40738 | RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:0016) | Nessus | Red Hat Local Security Checks | critical |
| 40732 | RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:1025) | Nessus | Red Hat Local Security Checks | critical |
| 40731 | RHEL 4 / 5 : java-1.6.0-sun (RHSA-2008:1018) | Nessus | Red Hat Local Security Checks | critical |
| 40241 | openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-376) | Nessus | SuSE Local Security Checks | critical |
| 40238 | openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-578) | Nessus | SuSE Local Security Checks | critical |
| 40235 | openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375) | Nessus | SuSE Local Security Checks | critical |
| 40002 | openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-376) | Nessus | SuSE Local Security Checks | critical |
| 39997 | openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375) | Nessus | SuSE Local Security Checks | critical |
| 39766 | Mac OS X : Java for Mac OS X 10.4 Release 9 | Nessus | MacOS X Local Security Checks | high |
| 39435 | Mac OS X : Java for Mac OS X 10.5 Update 4 | Nessus | MacOS X Local Security Checks | high |
| 37381 | Ubuntu 8.10 : OpenJDK vulnerabilities (USN-713-1) | Nessus | Ubuntu Local Security Checks | critical |
| 37147 | Fedora 10 : java-1.6.0-openjdk-1.6.0.0-7.b12.fc10 (2008-10913) | Nessus | Fedora Local Security Checks | critical |
| 35306 | openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5876) | Nessus | SuSE Local Security Checks | critical |
| 35305 | openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5875) | Nessus | SuSE Local Security Checks | critical |
| 35046 | Fedora 9 : java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9 (2008-10860) | Nessus | Fedora Local Security Checks | critical |
| 35030 | Sun Java JRE Multiple Vulnerabilities (244986 et al) | Nessus | Windows | high |