Executive Summary

Summary
Title Sun Alert 245246 The Java Runtime Environment UTF-8 Decoder May Allow Multiple Representations of UTF-8 Input
Informations
Name SUN-245246 First vendor Publication 2008-12-03
Vendor Sun Last vendor Modification 2010-01-21
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Java Platform, Standard Edition 6 (Java SE 6)
State: Resolved
First released: 03-Dec-2008

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_245246_the_java

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6212
 
Oval ID: oval:org.mitre.oval:def:6212
Title: Java Runtime Environment UTF-8 Decoding Bug May Let Users Bypass Access Restrictions
Description: Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5351
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 359
Application 395
Application 94

OpenVAS Exploits

Date Description
2010-05-28 Name : Java for Mac OS X 10.5 Update 4
File : nvt/macosx_java_for_10_5_upd_4.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 1.4.2
File : nvt/sles10_java-1_4_2-ibm0.nasl
2009-10-13 Name : SLES10: Security update for Sun Java 1.4.2
File : nvt/sles10_java-1_4_2-sun.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 1.5.0
File : nvt/sles10_java-1_5_0-ibm2.nasl
2009-10-11 Name : SLES11: Security update for IBM Java 1.4.2
File : nvt/sles11_java-1_4_2-ibm.nasl
2009-10-11 Name : SLES11: Security update for IBM Java 1.6.0
File : nvt/sles11_java-1_6_0-ibm.nasl
2009-10-10 Name : SLES9: Security update for IBM Java2 JRE and SDK
File : nvt/sles9p5046860.nasl
2009-10-10 Name : SLES9: Security update for IBM Java5 JRE and SDK
File : nvt/sles9p5041763.nasl
2009-10-10 Name : SLES9: Security update for Sun Java
File : nvt/sles9p5040565.nasl
2009-05-20 Name : SuSE Security Summary SUSE-SR:2009:010
File : nvt/suse_sr_2009_010.nasl
2009-05-05 Name : HP-UX Update for Java HPSBUX02411
File : nvt/gb_hp_ux_HPSBUX02411.nasl
2009-04-28 Name : RedHat Security Advisory RHSA-2009:0445
File : nvt/RHSA_2009_0445.nasl
2009-03-31 Name : RedHat Security Advisory RHSA-2009:0369
File : nvt/RHSA_2009_0369.nasl
2009-03-13 Name : SuSE Security Summary SUSE-SR:2009:006
File : nvt/suse_sr_2009_006.nasl
2009-03-13 Name : Ubuntu USN-731-1 (apache2)
File : nvt/ubuntu_731_1.nasl
2009-03-13 Name : Ubuntu USN-732-1 (dash)
File : nvt/ubuntu_732_1.nasl
2009-02-16 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2008-10913
File : nvt/gb_fedora_2008_10913_java-1.6.0-openjdk_fc10.nasl
2009-02-16 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2008-10860
File : nvt/gb_fedora_2008_10860_java-1.6.0-openjdk_fc9.nasl
2009-02-02 Name : Ubuntu USN-710-1 (xine-lib)
File : nvt/ubuntu_710_1.nasl
2009-02-02 Name : Ubuntu USN-711-1 (ktorrent)
File : nvt/ubuntu_711_1.nasl
2009-02-02 Name : Ubuntu USN-712-1 (vim)
File : nvt/ubuntu_712_1.nasl
2009-02-02 Name : Ubuntu USN-713-1 (openjdk-6)
File : nvt/ubuntu_713_1.nasl
2009-01-20 Name : RedHat Security Advisory RHSA-2009:0016
File : nvt/RHSA_2009_0016.nasl
2009-01-13 Name : SuSE Security Advisory SUSE-SA:2009:001 (Sun Java)
File : nvt/suse_sa_2009_001.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
50502 Sun Java JDK / JRE UTF-8 Decoder Non-shortest Form Sequence Handling Weakness

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-10-22 IAVM : 2009-A-0105 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0021867

Nessus® Vulnerability Scanner

Date Description
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0014_remote.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a runtime environment that is affected by multi...
File : sun_java_jre_244986_unix.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0466.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_40374.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_40375.nasl - Type : ACT_GATHER_INFO
2009-11-18 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO
2009-10-19 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12336.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-5960.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-sun-5852.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-090405.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-090405.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12387.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12321.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0445.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1018.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1025.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0369.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_5_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_5_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-openjdk-090303.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-09 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_rel9.nasl - Type : ACT_GATHER_INFO
2009-06-17 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update4.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-713-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2008-10913.nasl - Type : ACT_GATHER_INFO
2009-01-07 Name : The remote openSUSE host is missing a security update.
File : suse_java-1_5_0-sun-5875.nasl - Type : ACT_GATHER_INFO
2009-01-07 Name : The remote openSUSE host is missing a security update.
File : suse_java-1_6_0-sun-5876.nasl - Type : ACT_GATHER_INFO
2008-12-08 Name : The remote Fedora host is missing a security update.
File : fedora_2008-10860.nasl - Type : ACT_GATHER_INFO
2008-12-04 Name : The remote Windows host contains a runtime environment that is affected by mu...
File : sun_java_jre_244986.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2013-02-06 19:08:21
  • Multiple Updates