CVE-2008-3106
Vulnerability Summary
Description
Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105.
CVSS Metrics
- v2.0•MEDIUM•Score: 4.3•AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 15.78% • Percentile: 95%
Techniques & Countermeasures
- CWE-264•Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Affected Systems
- sun•jdk
≤ 5.0 | ≤ 6 | 5.0:update_1 | 5.0:update_10 | 5.0:update_11 | 5.0:update_12 | 5.0:update_13 | 5.0:update_14 | 5.0:update_2 | 5.0:update_3 | 5.0:update_4 | 5.0:update_5 | 5.0:update_6 | 5.0:update_7 | 5.0:update_8 | 5.0:update_9 | 6:update_1 | 6:update_2 | 6:update_3 | 6:update_4 | 6:update_5
- sun•jre
≤ 5.0 | ≤ 6 | 5.0:update_1 | 5.0:update_10 | 5.0:update_11 | 5.0:update_12 | 5.0:update_13 | 5.0:update_14 | 5.0:update_2 | 5.0:update_3 | 5.0:update_4 | 5.0:update_5 | 5.0:update_6 | 5.0:update_7 | 5.0:update_8 | 5.0:update_9 | 6:update_1 | 6:update_2 | 6:update_3 | 6:update_4 | 6:update_5
References (40)
- http://www.redhat.com/support/errata/RHSA-2008-1044.html
- http://marc.info/?l=bugtraq&m=122331139823057&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10866
- http://secunia.com/advisories/32436
- http://www.securitytracker.com/id?1020457
- http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm
- http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm
- http://secunia.com/advisories/31600
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
- http://secunia.com/advisories/32018
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://secunia.com/advisories/32179
- http://www.vupen.com/english/advisories/2008/2740
- http://secunia.com/advisories/31320
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=756717
- http://secunia.com/advisories/33237
- http://www.vupen.com/english/advisories/2008/2056/references
- http://secunia.com/advisories/32180
- http://www.vmware.com/security/advisories/VMSA-2008-0016.html
- http://secunia.com/advisories/31736
- http://www.securityfocus.com/bid/30143
- http://www.redhat.com/support/errata/RHSA-2008-0594.html
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=751014
- http://secunia.com/advisories/31497
- http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1
- http://www.redhat.com/support/errata/RHSA-2008-1045.html
- http://secunia.com/advisories/33238
- http://support.avaya.com/elmodocs2/security/ASA-2008-299.htm
- http://www.securityfocus.com/archive/1/497041/100/0/threaded
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html
- http://www.redhat.com/support/errata/RHSA-2008-0790.html
- http://www.redhat.com/support/errata/RHSA-2008-0906.html
- http://www.us-cert.gov/cas/techalerts/TA08-193A.html
- http://secunia.com/advisories/37386
- http://support.apple.com/kb/HT3179
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43658
- http://secunia.com/advisories/31010