Executive Summary
| Summary | |
|---|---|
| Title | Sun Alert 238967 Security Vulnerability in the Java Runtime Environment Virtual Machine may allow an untrusted Application or Applet to Elevate Privileges |
| Informations | |||
|---|---|---|---|
| Name | SUN-238967 | First vendor Publication | 2008-07-08 |
| Vendor | Sun | Last vendor Modification | 2008-07-08 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Product: Java Platform, Standard Edition (Java SE) State: Resolved First released: 08-Jul-2008 |
Original Source
| Url : http://blogs.sun.com/security/entry/sun_alert_238967_security_vulnerability |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10219 | |||
| Oval ID: | oval:org.mitre.oval:def:10219 | ||
| Title: | Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. | ||
| Description: | Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-3107 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux Extras 4 Red Hat Enterprise Linux Extras 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-05-28 | Name : Java for Mac OS X 10.5 Update 2 File : nvt/macosx_java_for_10_5_upd_2.nasl |
| 2009-10-13 | Name : SLES10: Security update for Java 1.4.2 File : nvt/sles10_java-1_4_2-sun0.nasl |
| 2009-10-10 | Name : SLES9: Security update for Java2 File : nvt/sles9p5033740.nasl |
| 2009-01-23 | Name : SuSE Update for Sun Java security update SUSE-SA:2008:042 File : nvt/gb_suse_2008_042.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 46963 | Sun Java JDK / JRE Virtual Machine Untrusted Application Privilege Escalation |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2012-08-16 | IAVM : 2012-A-0136 - Multiple Vulnerabilities in Juniper Network Management Products Severity : Category I - VMSKEY : V0033662 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-09-13 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_psn_2012_08_689.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host has an application that is affected by multiple vulnerab... File : sun_java_jre_5_16_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host has an application that is affected by multiple vulnerab... File : sun_java_jre_6_7_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host has an application that is affected by multiple vulnerab... File : sun_java_j2se_4_2_18_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0594.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080714_java__jdk_1_5_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0636.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12206.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0595.nasl - Type : ACT_GATHER_INFO |
| 2009-07-27 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2008-0016.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_5_0-sun-080715.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-080715.nasl - Type : ACT_GATHER_INFO |
| 2008-09-25 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_java_10_5_update2.nasl - Type : ACT_GATHER_INFO |
| 2008-09-25 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_java_rel7.nasl - Type : ACT_GATHER_INFO |
| 2008-08-24 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_4_2-sun-5430.nasl - Type : ACT_GATHER_INFO |
| 2008-08-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-sun-5431.nasl - Type : ACT_GATHER_INFO |
| 2008-08-24 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-5434.nasl - Type : ACT_GATHER_INFO |
| 2008-08-24 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_6_0-sun-5435.nasl - Type : ACT_GATHER_INFO |
| 2008-07-15 | Name : The remote Windows host has an application that is affected by multiple vulne... File : sun_java_jre_5_16.nasl - Type : ACT_GATHER_INFO |
| 2008-07-15 | Name : The remote Windows host has an application that is affected by multiple vulne... File : sun_java_jre_6_7.nasl - Type : ACT_GATHER_INFO |
| 2008-07-15 | Name : The remote Windows host has an application that is affected by multiple vulne... File : sun_java_j2se_4_2_18.nasl - Type : ACT_GATHER_INFO |
