CVE-2008-5355

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
sunjdk
𝑥
≤ 5.0
sunjdk
𝑥
≤ 6
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjre
𝑥
≤ 1.4.2_18
sunjre
𝑥
≤ 5.0
sunjre
𝑥
≤ 6
sunjre
1.4.2_1:_1
sunjre
1.4.2_2:_2
sunjre
1.4.2_3:_3
sunjre
1.4.2_4:_4
sunjre
1.4.2_5:_5
sunjre
1.4.2_6:_6
sunjre
1.4.2_7:_7
sunjre
1.4.2_8:_8
sunjre
1.4.2_9:_9
sunjre
1.4.2_10:_10
sunjre
1.4.2_11:_11
sunjre
1.4.2_12:_12
sunjre
1.4.2_13:_13
sunjre
1.4.2_14:_14
sunjre
1.4.2_15:_15
sunjre
1.4.2_16:_16
sunjre
1.4.2_17:_17
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunsdk
𝑥
≤ 1.4.2_18
sunsdk
1.4.2_1:_1
sunsdk
1.4.2_2:_2
sunsdk
1.4.2_3:_3
sunsdk
1.4.2_4:_4
sunsdk
1.4.2_5:_5
sunsdk
1.4.2_6:_6
sunsdk
1.4.2_7:_7
sunsdk
1.4.2_8:_8
sunsdk
1.4.2_9:_9
sunsdk
1.4.2_10:_10
sunsdk
1.4.2_11:_11
sunsdk
1.4.2_12:_12
sunsdk
1.4.2_13:_13
sunsdk
1.4.2_14:_14
sunsdk
1.4.2_15:_15
sunsdk
1.4.2_16:_16
sunsdk
1.4.2_17:_17
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openjdk-6
intrepid
not-affected
hardy
not-affected
gutsy
dne
dapper
dne
sun-java5
intrepid
not-affected
hardy
not-affected
gutsy
not-affected
dapper
not-affected
sun-java6
intrepid
not-affected
hardy
not-affected
gutsy
not-affected
dapper
dne
Common Weakness Enumeration
References
http://osvdb.org/50498
http://secunia.com/advisories/37386
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244989-1
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=
http://www.securitytracker.com/id?1021315
http://www.us-cert.gov/cas/techalerts/TA08-340A.html
http://www.vupen.com/english/advisories/2008/3339
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5664
http://osvdb.org/50498
http://secunia.com/advisories/37386
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244989-1
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=
http://www.securitytracker.com/id?1021315
http://www.us-cert.gov/cas/techalerts/TA08-340A.html
http://www.vupen.com/english/advisories/2008/3339
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5664