6.8
CVSSv2

CVE-2008-3104

Published: 09/07/2008 Updated: 30/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x prior to 1.4.2_18, and SDK and JRE 1.3.x prior to 1.3.1_23 allow remote malicious users to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet.

Vendor Advisories

Synopsis Important: java-142-bea security update Type/Severity Security Advisory: Important Topic java-142-bea as shipped in Red Hat Enterprise Linux 3 Extras, Red HatEnterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary,contains security flaws and should not be usedThis update has be ...
Synopsis Critical: java-142-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-142-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4Extras, and Red Hat Enterprise Linux 5 SupplementaryThis updat ...
Synopsis Important: java-150-bea security update Type/Severity Security Advisory: Important Topic java-150-bea as shipped in Red Hat Enterprise Linux 4 Extras and Red HatEnterprise Linux 5 Supplementary, contains security flaws and should not beusedThis update has been rated as having important securit ...
Synopsis Important: java-160-bea security update Type/Severity Security Advisory: Important Topic java-160-bea as shipped in Red Hat Enterprise Linux 4 Extras and Red HatEnterprise Linux 5 Supplementary, contains security flaws and should not beusedThis update has been rated as having important securit ...
Synopsis Critical: java-160-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-160-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 4 Extras and Red Hat EnterpriseLinux 5 SupplementaryThis update has been rated as having critical ...

References

NVD-CWE-noinfoCWE-264http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.htmlhttp://marc.info/?l=bugtraq&m=122331139823057&w=2http://rhn.redhat.com/errata/RHSA-2008-0955.htmlhttp://secunia.com/advisories/31010http://secunia.com/advisories/31055http://secunia.com/advisories/31269http://secunia.com/advisories/31320http://secunia.com/advisories/31497http://secunia.com/advisories/31600http://secunia.com/advisories/31736http://secunia.com/advisories/32018http://secunia.com/advisories/32179http://secunia.com/advisories/32180http://secunia.com/advisories/32436http://secunia.com/advisories/32826http://secunia.com/advisories/33194http://secunia.com/advisories/33236http://secunia.com/advisories/33237http://secunia.com/advisories/33238http://secunia.com/advisories/35065http://secunia.com/advisories/37386http://security.gentoo.org/glsa/glsa-200911-02.xmlhttp://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1http://support.apple.com/kb/HT3178http://support.apple.com/kb/HT3179http://support.avaya.com/elmodocs2/security/ASA-2008-428.htmhttp://support.avaya.com/elmodocs2/security/ASA-2008-507.htmhttp://support.avaya.com/elmodocs2/security/ASA-2008-509.htmhttp://www.redhat.com/support/errata/RHSA-2008-0594.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0595.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0790.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0906.htmlhttp://www.redhat.com/support/errata/RHSA-2008-1043.htmlhttp://www.redhat.com/support/errata/RHSA-2008-1044.htmlhttp://www.redhat.com/support/errata/RHSA-2008-1045.htmlhttp://www.securityfocus.com/archive/1/497041/100/0/threadedhttp://www.securityfocus.com/bid/30140http://www.securitytracker.com/id?1020459http://www.us-cert.gov/cas/techalerts/TA08-193A.htmlhttp://www.vmware.com/security/advisories/VMSA-2008-0016.htmlhttp://www.vupen.com/english/advisories/2008/2056/referenceshttp://www.vupen.com/english/advisories/2008/2740https://exchange.xforce.ibmcloud.com/vulnerabilities/43662https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9565https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2008-3104https://access.redhat.com/errata/RHSA-2008:1043https://nvd.nist.govhttp://tools.cisco.com/security/center/viewAlert.x?alertId=16241