CVE-2008-5355

EUVD-2008-5332
The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
sunjdk
𝑥
≤ 5.0
sunjdk
𝑥
≤ 6
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjre
𝑥
≤ 1.4.2_18
sunjre
𝑥
≤ 5.0
sunjre
𝑥
≤ 6
sunjre
1.4.2_1:_1
sunjre
1.4.2_2:_2
sunjre
1.4.2_3:_3
sunjre
1.4.2_4:_4
sunjre
1.4.2_5:_5
sunjre
1.4.2_6:_6
sunjre
1.4.2_7:_7
sunjre
1.4.2_8:_8
sunjre
1.4.2_9:_9
sunjre
1.4.2_10:_10
sunjre
1.4.2_11:_11
sunjre
1.4.2_12:_12
sunjre
1.4.2_13:_13
sunjre
1.4.2_14:_14
sunjre
1.4.2_15:_15
sunjre
1.4.2_16:_16
sunjre
1.4.2_17:_17
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunsdk
𝑥
≤ 1.4.2_18
sunsdk
1.4.2_1:_1
sunsdk
1.4.2_2:_2
sunsdk
1.4.2_3:_3
sunsdk
1.4.2_4:_4
sunsdk
1.4.2_5:_5
sunsdk
1.4.2_6:_6
sunsdk
1.4.2_7:_7
sunsdk
1.4.2_8:_8
sunsdk
1.4.2_9:_9
sunsdk
1.4.2_10:_10
sunsdk
1.4.2_11:_11
sunsdk
1.4.2_12:_12
sunsdk
1.4.2_13:_13
sunsdk
1.4.2_14:_14
sunsdk
1.4.2_15:_15
sunsdk
1.4.2_16:_16
sunsdk
1.4.2_17:_17
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openjdk-6
dapper
dne
gutsy
dne
hardy
not-affected
intrepid
not-affected
sun-java5
dapper
not-affected
gutsy
not-affected
hardy
not-affected
intrepid
not-affected
sun-java6
dapper
dne
gutsy
not-affected
hardy
not-affected
intrepid
not-affected
Common Weakness Enumeration
References
http://osvdb.org/50498
http://secunia.com/advisories/37386
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244989-1
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=
http://www.securitytracker.com/id?1021315
http://www.us-cert.gov/cas/techalerts/TA08-340A.html
http://www.vupen.com/english/advisories/2008/3339
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5664
http://osvdb.org/50498
http://secunia.com/advisories/37386
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244989-1
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=
http://www.securitytracker.com/id?1021315
http://www.us-cert.gov/cas/techalerts/TA08-340A.html
http://www.vupen.com/english/advisories/2008/3339
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5664