Executive Summary
| Summary | |
|---|---|
| Title | Sun Alert 246266 Security Vulnerability in Java Runtime Environment May Allow Applets to List the Contents of the Current User's Home Directory |
| Informations | |||
|---|---|---|---|
| Name | SUN-246266 | First vendor Publication | 2008-12-03 |
| Vendor | Sun | Last vendor Modification | 2010-01-21 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Product: Java Platform, Standard Edition 6 (Java SE 6) A security vulnerability in the Java Runtime Environment (JRE) mayallow an untrusted applet or application to list the contents of thehome directory of the user running the applet or application. Sun acknowledges, with thanks, Henri Torgemane and Sami Koivu for bringing this issue to our attention. State: Resolved First released: 03-Dec-2008 |
Original Source
| Url : http://blogs.sun.com/security/entry/sun_alert_246266_security_vulnerability |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-200 | Information Exposure |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:6424 | |||
| Oval ID: | oval:org.mitre.oval:def:6424 | ||
| Title: | Sun Java Runtime Environment Lets Remote Users View Directory Contents | ||
| Description: | Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5350 | Version: | 1 |
| Platform(s): | VMWare ESX Server 3.5 | Product(s): | |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-05-28 | Name : Java for Mac OS X 10.5 Update 4 File : nvt/macosx_java_for_10_5_upd_4.nasl |
| 2009-10-13 | Name : SLES10: Security update for IBM Java 1.4.2 File : nvt/sles10_java-1_4_2-ibm0.nasl |
| 2009-10-13 | Name : SLES10: Security update for Sun Java 1.4.2 File : nvt/sles10_java-1_4_2-sun.nasl |
| 2009-10-13 | Name : SLES10: Security update for IBM Java 1.5.0 File : nvt/sles10_java-1_5_0-ibm2.nasl |
| 2009-10-11 | Name : SLES11: Security update for IBM Java 1.4.2 File : nvt/sles11_java-1_4_2-ibm.nasl |
| 2009-10-10 | Name : SLES9: Security update for Sun Java File : nvt/sles9p5040565.nasl |
| 2009-10-10 | Name : SLES9: Security update for IBM Java5 JRE and SDK File : nvt/sles9p5041763.nasl |
| 2009-10-10 | Name : SLES9: Security update for IBM Java2 JRE and SDK File : nvt/sles9p5046860.nasl |
| 2009-05-20 | Name : SuSE Security Summary SUSE-SR:2009:010 File : nvt/suse_sr_2009_010.nasl |
| 2009-05-05 | Name : HP-UX Update for Java HPSBUX02411 File : nvt/gb_hp_ux_HPSBUX02411.nasl |
| 2009-04-28 | Name : RedHat Security Advisory RHSA-2009:0445 File : nvt/RHSA_2009_0445.nasl |
| 2009-03-13 | Name : Ubuntu USN-732-1 (dash) File : nvt/ubuntu_732_1.nasl |
| 2009-03-13 | Name : Ubuntu USN-731-1 (apache2) File : nvt/ubuntu_731_1.nasl |
| 2009-03-13 | Name : SuSE Security Summary SUSE-SR:2009:006 File : nvt/suse_sr_2009_006.nasl |
| 2009-02-16 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2008-10913 File : nvt/gb_fedora_2008_10913_java-1.6.0-openjdk_fc10.nasl |
| 2009-02-16 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2008-10860 File : nvt/gb_fedora_2008_10860_java-1.6.0-openjdk_fc9.nasl |
| 2009-02-02 | Name : Ubuntu USN-710-1 (xine-lib) File : nvt/ubuntu_710_1.nasl |
| 2009-02-02 | Name : Ubuntu USN-711-1 (ktorrent) File : nvt/ubuntu_711_1.nasl |
| 2009-02-02 | Name : Ubuntu USN-712-1 (vim) File : nvt/ubuntu_712_1.nasl |
| 2009-02-02 | Name : Ubuntu USN-713-1 (openjdk-6) File : nvt/ubuntu_713_1.nasl |
| 2009-01-20 | Name : RedHat Security Advisory RHSA-2009:0016 File : nvt/RHSA_2009_0016.nasl |
| 2009-01-20 | Name : RedHat Security Advisory RHSA-2009:0015 File : nvt/RHSA_2009_0015.nasl |
| 2009-01-13 | Name : SuSE Security Advisory SUSE-SA:2009:001 (Sun Java) File : nvt/suse_sa_2009_001.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 50503 | Sun Java JDK / JRE Untrusted Applet User Home Directory Content Listing |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2009-10-22 | IAVM : 2009-A-0105 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0021867 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0014_remote.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a runtime environment that is affected by multi... File : sun_java_jre_244986_unix.nasl - Type : ACT_GATHER_INFO |
| 2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0466.nasl - Type : ACT_GATHER_INFO |
| 2009-12-14 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_40374.nasl - Type : ACT_GATHER_INFO |
| 2009-12-14 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_40375.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO |
| 2009-10-19 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2009-0014.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12321.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-5960.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-sun-5852.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-090405.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12387.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12336.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0445.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-1018.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0016.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0015.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-1025.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-081217.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-090303.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_5_0-sun-081217.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-081217.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_5_0-sun-081217.nasl - Type : ACT_GATHER_INFO |
| 2009-07-09 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_rel9.nasl - Type : ACT_GATHER_INFO |
| 2009-06-17 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update4.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-713-1.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2008-10913.nasl - Type : ACT_GATHER_INFO |
| 2009-01-07 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-5875.nasl - Type : ACT_GATHER_INFO |
| 2009-01-07 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_6_0-sun-5876.nasl - Type : ACT_GATHER_INFO |
| 2008-12-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-10860.nasl - Type : ACT_GATHER_INFO |
| 2008-12-04 | Name : The remote Windows host contains a runtime environment that is affected by mu... File : sun_java_jre_244986.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2013-02-06 19:08:21 |
|
