Executive Summary

Informations
NameCVE-2008-5344First vendor Publication2008-12-05
VendorCveLast vendor Modification2017-09-28

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

ImpactsProvides unauthorized access : Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5344

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6249
 
Oval ID: oval:org.mitre.oval:def:6249
Title: Sun Java Web Start and Java Plug-in applet class security bypass
Description: Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5344
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application359
Application395
Application94

OpenVAS Exploits

DateDescription
2010-05-28Name : Java for Mac OS X 10.5 Update 4
File : nvt/macosx_java_for_10_5_upd_4.nasl
2009-11-23Name : Gentoo Security Advisory GLSA 200911-02 (sun-jre-bin sun-jdk emul-linux-x86-j...
File : nvt/glsa_200911_02.nasl
2009-10-13Name : SLES10: Security update for IBM Java 1.4.2
File : nvt/sles10_java-1_4_2-ibm0.nasl
2009-10-13Name : SLES10: Security update for Sun Java 1.4.2
File : nvt/sles10_java-1_4_2-sun.nasl
2009-10-13Name : SLES10: Security update for IBM Java 1.5.0
File : nvt/sles10_java-1_5_0-ibm2.nasl
2009-10-11Name : SLES11: Security update for IBM Java 1.4.2
File : nvt/sles11_java-1_4_2-ibm.nasl
2009-10-10Name : SLES9: Security update for Sun Java
File : nvt/sles9p5040565.nasl
2009-10-10Name : SLES9: Security update for IBM Java5 JRE and SDK
File : nvt/sles9p5041763.nasl
2009-10-10Name : SLES9: Security update for IBM Java2 JRE and SDK
File : nvt/sles9p5046860.nasl
2009-05-20Name : SuSE Security Summary SUSE-SR:2009:010
File : nvt/suse_sr_2009_010.nasl
2009-05-05Name : HP-UX Update for Java HPSBUX02411
File : nvt/gb_hp_ux_HPSBUX02411.nasl
2009-04-28Name : RedHat Security Advisory RHSA-2009:0445
File : nvt/RHSA_2009_0445.nasl
2009-03-13Name : Ubuntu USN-731-1 (apache2)
File : nvt/ubuntu_731_1.nasl
2009-03-13Name : Ubuntu USN-732-1 (dash)
File : nvt/ubuntu_732_1.nasl
2009-01-20Name : RedHat Security Advisory RHSA-2009:0015
File : nvt/RHSA_2009_0015.nasl
2009-01-20Name : RedHat Security Advisory RHSA-2009:0016
File : nvt/RHSA_2009_0016.nasl
2009-01-13Name : SuSE Security Advisory SUSE-SA:2009:001 (Sun Java)
File : nvt/suse_sa_2009_001.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
50513Sun Java JDK / JRE Applet Classloading Privilege Escalation

Information Assurance Vulnerability Management (IAVM)

DateDescription
2009-10-22IAVM : 2009-A-0105 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0021867

Nessus® Vulnerability Scanner

DateDescription
2016-03-03Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0014_remote.nasl - Type : ACT_GATHER_INFO
2014-11-26Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2013-02-22Name : The remote Unix host contains a runtime environment that is affected by multi...
File : sun_java_jre_244986_unix.nasl - Type : ACT_GATHER_INFO
2009-12-14Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_40374.nasl - Type : ACT_GATHER_INFO
2009-12-14Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_40375.nasl - Type : ACT_GATHER_INFO
2009-11-18Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO
2009-10-19Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12321.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12336.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12387.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-090405.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-sun-5852.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-5960.nasl - Type : ACT_GATHER_INFO
2009-08-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1018.nasl - Type : ACT_GATHER_INFO
2009-08-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1025.nasl - Type : ACT_GATHER_INFO
2009-08-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0015.nasl - Type : ACT_GATHER_INFO
2009-08-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-08-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0445.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_5_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_5_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-09Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_rel9.nasl - Type : ACT_GATHER_INFO
2009-06-17Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update4.nasl - Type : ACT_GATHER_INFO
2009-01-07Name : The remote openSUSE host is missing a security update.
File : suse_java-1_5_0-sun-5875.nasl - Type : ACT_GATHER_INFO
2009-01-07Name : The remote openSUSE host is missing a security update.
File : suse_java-1_6_0-sun-5876.nasl - Type : ACT_GATHER_INFO
2008-12-04Name : The remote Windows host contains a runtime environment that is affected by mu...
File : sun_java_jre_244986.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
CERT http://www.us-cert.gov/cas/techalerts/TA08-340A.html
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914...
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf
GENTOO http://security.gentoo.org/glsa/glsa-200911-02.xml
HP http://marc.info/?l=bugtraq&m=123678756409861&w=2
http://marc.info/?l=bugtraq&m=126583436323697&w=2
REDHAT http://rhn.redhat.com/errata/RHSA-2008-1018.html
http://rhn.redhat.com/errata/RHSA-2008-1025.html
http://www.redhat.com/support/errata/RHSA-2009-0015.html
http://www.redhat.com/support/errata/RHSA-2009-0016.html
http://www.redhat.com/support/errata/RHSA-2009-0445.html
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1
SUSE http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
VUPEN http://www.vupen.com/english/advisories/2008/3339
http://www.vupen.com/english/advisories/2009/0672
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/47057

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
DateInformations
2019-07-31 12:02:36
  • Multiple Updates
2018-11-30 12:02:36
  • Multiple Updates
2018-10-10 12:02:31
  • Multiple Updates
2017-09-29 09:23:50
  • Multiple Updates
2017-08-08 09:24:32
  • Multiple Updates
2016-08-23 09:24:33
  • Multiple Updates
2016-06-28 17:21:50
  • Multiple Updates
2016-04-26 18:05:17
  • Multiple Updates
2016-03-04 13:26:24
  • Multiple Updates
2014-02-17 10:47:28
  • Multiple Updates
2013-11-11 12:38:06
  • Multiple Updates
2013-05-11 00:31:42
  • Multiple Updates