10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.3 High
AI Score
Confidence
High
0.971 High
EPSS
Percentile
99.8%
It was discovered that Java did not correctly handle untrusted applets.
If a user were tricked into running a malicious applet, a remote attacker
could gain user privileges, or list directory contents. (CVE-2008-5347,
CVE-2008-5350)
It was discovered that Kerberos authentication and RSA public key
processing were not correctly handled in Java. A remote attacker
could exploit these flaws to cause a denial of service. (CVE-2008-5348,
CVE-2008-5349)
It was discovered that Java accepted UTF-8 encodings that might be
handled incorrectly by certain applications. A remote attacker could
bypass string filters, possible leading to other exploits. (CVE-2008-5351)
Overflows were discovered in Java JAR processing. If a user or
automated system were tricked into processing a malicious JAR file,
a remote attacker could crash the application, leading to a denial of
service. (CVE-2008-5352, CVE-2008-5354)
It was discovered that Java calendar objects were not unserialized safely.
If a user or automated system were tricked into processing a specially
crafted calendar object, a remote attacker could execute arbitrary code
with user privileges. (CVE-2008-5353)
It was discovered that the Java image handling code could lead to memory
corruption. If a user or automated system were tricked into processing
a specially crafted image, a remote attacker could crash the application,
leading to a denial of service. (CVE-2008-5358, CVE-2008-5359)
It was discovered that temporary files created by Java had predictable
names. If a user or automated system were tricked into processing a
specially crafted JAR file, a remote attacker could overwrite sensitive
information. (CVE-2008-5360)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.10 | noarch | openjdk-6-jre-headless | < 6b12-0ubuntu6.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | icedtea6-plugin | < 6b12-0ubuntu6.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | openjdk-6-dbg | < 6b12-0ubuntu6.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | openjdk-6-demo | < 6b12-0ubuntu6.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | openjdk-6-jdk | < 6b12-0ubuntu6.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | openjdk-6-jre | < 6b12-0ubuntu6.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | openjdk-6-jre | < headless-6b12-0ubuntu6.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | openjdk-6-jre-lib | < 6b12-0ubuntu6.1 | UNKNOWN |
ubuntu.com/security/CVE-2008-5347
ubuntu.com/security/CVE-2008-5348
ubuntu.com/security/CVE-2008-5349
ubuntu.com/security/CVE-2008-5350
ubuntu.com/security/CVE-2008-5351
ubuntu.com/security/CVE-2008-5352
ubuntu.com/security/CVE-2008-5353
ubuntu.com/security/CVE-2008-5354
ubuntu.com/security/CVE-2008-5358
ubuntu.com/security/CVE-2008-5359
ubuntu.com/security/CVE-2008-5360