Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2008-5355

Published: 05/12/2008 Updated: 29/09/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Sun

Vulnerability Summary

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and previous versions; JDK and JRE 5.0 Update 16 and previous versions; and SDK and JRE 1.4.2_18 and previous versions does not verify the signature of the JRE that is downloaded, which allows remote malicious users to execute arbitrary code via DNS man-in-the-middle attacks.

Vulnerable Product Search on Vulmon Subscribe to Product

sun jdk 6

sun jre 6

sun jre 5.0

sun jdk 5.0

sun jdk

sun jre 1.4.2_15

sun sdk 1.4.2_15

sun jre 1.4.2_11

sun sdk 1.4.2_11

sun sdk 1.4.2_7

sun jre 1.4.2_6

sun sdk 1.4.2_3

sun jre 1.4.2_2

sun jre

sun jre 1.4.2_17

sun sdk 1.4.2_17

sun jre 1.4.2_13

sun sdk 1.4.2_13

sun jre 1.4.2_9

sun sdk 1.4.2_9

sun jre 1.4.2_8

sun sdk 1.4.2_5

sun jre 1.4.2_4

sun sdk 1.4.2_1

sun sdk

sun jre 1.4.2_14

sun sdk 1.4.2_14

sun jre 1.4.2_10

sun sdk 1.4.2_10

sun sdk 1.4.2_6

sun jre 1.4.2_5

sun sdk 1.4.2_2

sun jre 1.4.2_1

sun jre 1.4.2_16

sun sdk 1.4.2_16

sun jre 1.4.2_12

sun sdk 1.4.2_12

sun sdk 1.4.2_8

sun jre 1.4.2_7

sun sdk 1.4.2_4

sun jre 1.4.2_3

References

CWE-287http://sunsolve.sun.com/search/document.do?assetkey=1-26-244989-1http://www.us-cert.gov/cas/techalerts/TA08-340A.htmlhttp://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdfhttp://www.securitytracker.com/id?1021315http://osvdb.org/50498http://security.gentoo.org/glsa/glsa-200911-02.xmlhttp://secunia.com/advisories/37386http://www.vupen.com/english/advisories/2008/3339https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5664https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook