Lucene search

[email protected]CVE-2008-1188

HistoryMar 06, 2008 - 9:44 p.m.

CVE-2008-1188

2008-03-0621:44:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-1188

buffer overflow

java web start

sun jdk

jre

remote code execution

security vulnerability

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.9 High

AI Score

Confidence

High

0.546 Medium

EPSS

Percentile

97.7%

JSON

Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka “The first two issues.”

Affected configurations

NVD

Node

sunjdkMatch1.5.0-

sunjdkMatch1.5.0update1

sunjdkMatch1.5.0update10

sunjdkMatch1.5.0update11

sunjdkMatch1.5.0update12

sunjdkMatch1.5.0update13

sunjdkMatch1.5.0update14

sunjdkMatch1.5.0update2

sunjdkMatch1.5.0update3

sunjdkMatch1.5.0update4

sunjdkMatch1.5.0update5

sunjdkMatch1.5.0update6

sunjdkMatch1.5.0update7

sunjdkMatch1.5.0update8

sunjdkMatch1.5.0update9

sunjdkMatch1.6.0-

sunjdkMatch1.6.0update_3

sunjdkMatch1.6.0update_4

Node

sunjreMatch1.5.0-

sunjreMatch1.5.0update1

sunjreMatch1.5.0update10

sunjreMatch1.5.0update11

sunjreMatch1.5.0update12

sunjreMatch1.5.0update13

sunjreMatch1.5.0update14

sunjreMatch1.5.0update2

sunjreMatch1.5.0update3

sunjreMatch1.5.0update4

sunjreMatch1.5.0update5

sunjreMatch1.5.0update6

sunjreMatch1.5.0update7

sunjreMatch1.5.0update8

sunjreMatch1.5.0update9

sunjreMatch1.6.0-

sunjreMatch1.6.0update_1

sunjreMatch1.6.0update_2

sunjreMatch1.6.0update_3

sunjreMatch1.6.0update_4

CPENameOperatorVersion
sun:jdksun jdkeq1.5.0
sun:jdksun jdkeq1.6.0

CPE	Name	Operator	Version
sun:jdk	sun jdk	eq	1.5.0
sun:jdk	sun jdk	eq	1.6.0

References

lists.apple.com/archives/security-announce//2008/Sep/msg00008.html

lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html

lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html

secunia.com/advisories/29239

secunia.com/advisories/29273

secunia.com/advisories/29498

secunia.com/advisories/29582

secunia.com/advisories/29858

secunia.com/advisories/29897

secunia.com/advisories/30676

secunia.com/advisories/30780

secunia.com/advisories/31497

secunia.com/advisories/32018

security.gentoo.org/glsa/glsa-200804-28.xml

sunsolve.sun.com/search/document.do?assetkey=1-26-233323-1

support.apple.com/kb/HT3178

support.apple.com/kb/HT3179

www.gentoo.org/security/en/glsa/glsa-200804-20.xml

www.gentoo.org/security/en/glsa/glsa-200806-11.xml

www.redhat.com/support/errata/RHSA-2008-0186.html

www.redhat.com/support/errata/RHSA-2008-0210.html

www.redhat.com/support/errata/RHSA-2008-0267.html

www.securitytracker.com/id?1019549

www.us-cert.gov/cas/techalerts/TA08-066A.html

www.vmware.com/security/advisories/VMSA-2008-0010.html

www.vupen.com/english/advisories/2008/0770/references

www.vupen.com/english/advisories/2008/1856/references

www.zerodayinitiative.com/advisories/ZDI-08-009/

www.zerodayinitiative.com/advisories/ZDI-08-010/

exchange.xforce.ibmcloud.com/vulnerabilities/41029

exchange.xforce.ibmcloud.com/vulnerabilities/41133

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11209

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.9 High

AI Score

Confidence

High

0.546 Medium

EPSS

Percentile

97.7%

JSON

Related for CVE-2008-1188

prion2 nvd2 cvelist2 cve1 ubuntucve2 securityvulns3 zdi2 checkpoint_advisories1 nessus17 redhat5 openvas22 suse2 f52 vmware2 gentoo1