CVE-2008-1195

Executive Summary

Informations
Name	CVE-2008-1195	First vendor Publication	2008-03-06
Vendor	Cve	Last vendor Modification	2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

Impacts

Provides administrator access : Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1195

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9486

Oval ID:	oval:org.mitre.oval:def:9486
Title:	Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.
Description:	Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2008-1195	Version:	3
Platform(s):	Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5	Product(s):
Definition Synopsis:
IF redhat-release is version 4 AND java-1.5.0-ibm-javacomm is earlier than 0:1.5.0.7-1jpp.2.el4 AND java-1.5.0-ibm-devel is earlier than 0:1.5.0.7-1jpp.2.el4 AND java-1.5.0-ibm-src is earlier than 0:1.5.0.7-1jpp.2.el4 AND java-1.5.0-sun-plugin is earlier than 0:1.5.0.15-1jpp.2.el4 AND java-1.5.0-ibm-demo is earlier than 0:1.5.0.7-1jpp.2.el4 AND java-1.5.0-sun is earlier than 0:1.5.0.15-1jpp.2.el4 AND java-1.5.0-ibm is earlier than 0:1.5.0.7-1jpp.2.el4 AND java-1.5.0-sun-demo is earlier than 0:1.5.0.15-1jpp.2.el4 AND java-1.5.0-sun-jdbc is earlier than 0:1.5.0.15-1jpp.2.el4 AND java-1.5.0-sun-src is earlier than 0:1.5.0.15-1jpp.2.el4 AND java-1.5.0-ibm-jdbc is earlier than 0:1.5.0.7-1jpp.2.el4 AND java-1.5.0-ibm-plugin is earlier than 0:1.5.0.7-1jpp.2.el4 AND java-1.5.0-sun-devel is earlier than 0:1.5.0.15-1jpp.2.el4 OR redhat-release is version 5 AND java-1.5.0-ibm-javacomm is earlier than 0:1.5.0.7-1jpp.2.el5 AND java-1.5.0-ibm-devel is earlier than 0:1.5.0.7-1jpp.2.el5 AND java-1.5.0-sun-plugin is earlier than 0:1.5.0.15-1jpp.2.el5 AND java-1.5.0-sun is earlier than 0:1.5.0.15-1jpp.2.el5 AND java-1.6.0-ibm-accessibility is earlier than 0:1.6.0.1-1jpp.2.el5 AND java-1.6.0-ibm-jdbc is earlier than 0:1.6.0.1-1jpp.2.el5 AND java-1.6.0-ibm-src is earlier than 0:1.6.0.1-1jpp.2.el5 AND java-1.6.0-ibm-javacomm is earlier than 0:1.6.0.1-1jpp.2.el5 AND java-1.5.0-ibm-plugin is earlier than 0:1.5.0.7-1jpp.2.el5 AND java-1.6.0-ibm is earlier than 0:1.6.0.1-1jpp.2.el5 AND java-1.6.0-ibm-plugin is earlier than 0:1.6.0.1-1jpp.2.el5 AND java-1.6.0-ibm-devel is earlier than 0:1.6.0.1-1jpp.2.el5 AND java-1.5.0-ibm-src is earlier than 0:1.5.0.7-1jpp.2.el5 AND java-1.6.0-ibm-demo is earlier than 0:1.6.0.1-1jpp.2.el5 AND java-1.5.0-ibm-demo is earlier than 0:1.5.0.7-1jpp.2.el5 AND java-1.5.0-ibm-accessibility is earlier than 0:1.5.0.7-1jpp.2.el5 AND java-1.5.0-ibm is earlier than 0:1.5.0.7-1jpp.2.el5 AND java-1.5.0-sun-demo is earlier than 0:1.5.0.15-1jpp.2.el5 AND java-1.5.0-sun-jdbc is earlier than 0:1.5.0.15-1jpp.2.el5 AND java-1.5.0-ibm-jdbc is earlier than 0:1.5.0.7-1jpp.2.el5 AND java-1.5.0-sun-src is earlier than 0:1.5.0.15-1jpp.2.el5 AND java-1.5.0-sun-devel is earlier than 0:1.5.0.15-1jpp.2.el5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Sun Jdk cpe:/a:sun:jdk:6_update_4 cpe:/a:sun:jdk:5.0_update_14 cpe:/a:sun:jdk:1.4.2_16	3
Application	Sun Jre cpe:/a:sun:jre:6_update_4 cpe:/a:sun:jre:5.0_update_14 cpe:/a:sun:jre:1.4.2_16	3

Open Source Vulnerability Database (OSVDB)

id	Description
42601	Sun Java JRE JavaScript Arbitrary Java API Access

Internal Sources (Detail)

Source	Url
APPLE	http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html
BUGTRAQ	http://www.securityfocus.com/archive/1/archive/1/490196/100/0/threaded
CERT	http://www.us-cert.gov/cas/techalerts/TA08-066A.html http://www.us-cert.gov/cas/techalerts/TA08-087A.html
CONFIRM	http://support.apple.com/kb/HT3178 http://support.apple.com/kb/HT3179 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128 http://www.mozilla.org/security/announce/2008/mfsa2008-18.html http://www.vmware.com/security/advisories/VMSA-2008-0010.html
GENTOO	http://security.gentoo.org/glsa/glsa-200804-28.xml http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2008:080
REDHAT	http://www.redhat.com/support/errata/RHSA-2008-0186.html http://www.redhat.com/support/errata/RHSA-2008-0210.html http://www.redhat.com/support/errata/RHSA-2008-0267.html
SECTRACK	http://www.securitytracker.com/id?1019553
SECUNIA	http://secunia.com/advisories/29239 http://secunia.com/advisories/29273 http://secunia.com/advisories/29498 http://secunia.com/advisories/29526 http://secunia.com/advisories/29541 http://secunia.com/advisories/29547 http://secunia.com/advisories/29560 http://secunia.com/advisories/29582 http://secunia.com/advisories/29645 http://secunia.com/advisories/29858 http://secunia.com/advisories/29897 http://secunia.com/advisories/30620 http://secunia.com/advisories/30676 http://secunia.com/advisories/30780 http://secunia.com/advisories/31497 http://secunia.com/advisories/32018
SUNALERT	http://sunsolve.sun.com/search/document.do?assetkey=1-26-233326-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
SUSE	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html
UBUNTU	http://www.ubuntu.com/usn/usn-592-1
VUPEN	http://www.vupen.com/english/advisories/2008/0770/references http://www.vupen.com/english/advisories/2008/0998/references http://www.vupen.com/english/advisories/2008/1793/references http://www.vupen.com/english/advisories/2008/1856/references
XF	http://xforce.iss.net/xforce/xfdb/41030

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 00:11:58	Multiple Updates

Type	Count
Oval ID(s)	1
CPE ID(s)	6
osvdb(s)	1

Related	Severity
VMSA-2008-0010	(Critical)
RHSA-2008:0210	(Critical)
GLSA-200806-11	(Critical)
GLSA-200804-28	(Critical)
GLSA-200804-20	(Critical)
USN-592-1	(Critical)
TA08-087A	(Critical)
TA08-066A	(Critical)
SUN-238492	(Critical)
SUN-233326	(Critical)
RHSA-2008:0267	(Critical)
RHSA-2008:0186	(Critical)
MDVSA-2008:080	(Critical)