CVE-2008-3109
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
| Software | From | Fixed in |
|---|---|---|
| sun / jre | 6-update_3 | 6-update_3.x |
| sun / jre | 6-update_4 | 6-update_4.x |
| sun / jdk | 6-update_1 | 6-update_1.x |
| sun / jdk | 6-update_3 | 6-update_3.x |
| sun / jre | 6-update_2 | 6-update_2.x |
| sun / jdk | 6-update_4 | 6-update_4.x |
| sun / jre | - | 6.x |
| sun / jre | 6-update_5 | 6-update_5.x |
| sun / jdk | - | 6.x |
| sun / jdk | 6-update_2 | 6-update_2.x |
| sun / jre | 6-update_1 | 6-update_1.x |
| sun / jdk | 6-update_5 | 6-update_5.x |
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
- http://marc.info/?l=bugtraq&m=122331139823057&w=2
- http://secunia.com/advisories/31010
- http://secunia.com/advisories/31600
- http://secunia.com/advisories/32018
- http://secunia.com/advisories/32179
- http://secunia.com/advisories/32180
- http://secunia.com/advisories/32436
- http://secunia.com/advisories/33238
- http://secunia.com/advisories/37386
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1
- http://support.apple.com/kb/HT3179
- http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm
- http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm
- http://www.redhat.com/support/errata/RHSA-2008-0594.html
- http://www.redhat.com/support/errata/RHSA-2008-0906.html
- http://www.redhat.com/support/errata/RHSA-2008-1045.html
- http://www.securityfocus.com/archive/1/497041/100/0/threaded
- http://www.securityfocus.com/bid/30144
- http://www.securitytracker.com/id?1020456
- http://www.us-cert.gov/cas/techalerts/TA08-193A.html
- http://www.vmware.com/security/advisories/VMSA-2008-0016.html
- http://www.vupen.com/english/advisories/2008/2056/references
- http://www.vupen.com/english/advisories/2008/2740
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43660
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8540
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime