Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9
CVSSv2

CVE-2008-5343

Published: 05/12/2008 Updated: 29/09/2017
CVSS v2 Base Score: 9 | Impact Score: 8.5 | Exploitability Score: 10
VMScore: 801
Vector: AV:N/AC:L/Au:N/C:C/I:P/A:P
Subscribe to Jdk

Vulnerability Summary

Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and previous versions; JDK and JRE 5.0 Update 16 and previous versions; and SDK and JRE 1.4.2_18 and previous versions allows remote malicious users to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR" and CR 6707535.

Vulnerable Product Search on Vulmon Subscribe to Product

sun jdk 6

sun jre 6

sun jre 5.0

sun jre

sun jdk 5.0

sun sdk

sun jre 1.4.2_14

sun sdk 1.4.2_14

sun sdk 1.4.2_10

sun jre 1.4.2_9

sun sdk 1.4.2_6

sun jre 1.4.2_5

sun sdk 1.4.2_2

sun jre 1.4.2_1

sun jre 1.4.2_16

sun sdk 1.4.2_16

sun jre 1.4.2_12

sun sdk 1.4.2_12

sun jre 1.4.2_11

sun sdk 1.4.2_8

sun jre 1.4.2_7

sun sdk 1.4.2_4

sun jre 1.4.2_3

sun jdk

sun jre 1.4.2_17

sun sdk 1.4.2_17

sun jre 1.4.2_13

sun sdk 1.4.2_13

sun sdk 1.4.2_9

sun jre 1.4.2_8

sun sdk 1.4.2_5

sun jre 1.4.2_4

sun sdk 1.4.2_1

sun jre 1.4.2_15

sun sdk 1.4.2_15

sun sdk 1.4.2_11

sun jre 1.4.2_10

sun sdk 1.4.2_7

sun jre 1.4.2_6

sun sdk 1.4.2_3

sun jre 1.4.2_2

Vendor Advisories

Red Hat: Critical: java-1.5.0-ibm security update
Synopsis Critical: java-150-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-150-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by the R ...
Red Hat: Critical: java-1.6.0-sun security update
Synopsis Critical: java-160-sun security update Type/Severity Security Advisory: Critical Topic Updated java-160-sun packages that correct several security issues arenow available for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by t ...
Red Hat: Critical: java-1.6.0-ibm security update
Synopsis Critical: java-160-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-160-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 4 Extras and Red Hat EnterpriseLinux 5 SupplementaryThis update has been rated as having critical ...
Red Hat: Critical: java-1.4.2-ibm security update
Synopsis Critical: java-142-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-142-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4Extras, and Red Hat Enterprise Linux 5 SupplementaryThis updat ...
Red Hat: Critical: java-1.5.0-sun security update
Synopsis Critical: java-150-sun security update Type/Severity Security Advisory: Critical Topic Updated java-150-sun packages that correct several security issues arenow available for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by t ...

References

NVD-CWE-noinfohttp://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1http://rhn.redhat.com/errata/RHSA-2008-1025.htmlhttp://secunia.com/advisories/33015http://secunia.com/advisories/32991http://rhn.redhat.com/errata/RHSA-2008-1018.htmlhttp://xs-sniper.com/blog/2008/12/17/sun-fixes-gifars/http://www.securityfocus.com/bid/32892http://www.us-cert.gov/cas/techalerts/TA08-340A.htmlhttp://secunia.com/advisories/33710http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.htmlhttp://lists.apple.com/archives/security-announce/2009/Feb/msg00003.htmlhttp://www.vupen.com/english/advisories/2009/0424http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=http://support.avaya.com/elmodocs2/security/ASA-2009-012.htmhttp://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdfhttp://www.redhat.com/support/errata/RHSA-2009-0016.htmlhttp://support.avaya.com/elmodocs2/security/ASA-2008-486.htmhttp://www.vupen.com/english/advisories/2009/0672http://marc.info/?l=bugtraq&m=123678756409861&w=2http://secunia.com/advisories/34233http://www.redhat.com/support/errata/RHSA-2009-0369.htmlhttp://secunia.com/advisories/34447http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.htmlhttp://secunia.com/advisories/34605http://www.redhat.com/support/errata/RHSA-2009-0445.htmlhttp://secunia.com/advisories/34889http://secunia.com/advisories/35065http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.htmlhttp://osvdb.org/50512http://security.gentoo.org/glsa/glsa-200911-02.xmlhttp://secunia.com/advisories/37386http://secunia.com/advisories/38539http://www.vupen.com/english/advisories/2008/3339http://marc.info/?l=bugtraq&m=126583436323697&w=2https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5924https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2009:0016
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-25525CVE-2024-4652CVE-2024-1438CVE-2024-4671CVE-2024-34351arbitrary CVE-2024-4650SQL injectionoverflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook