CVE-2008-5340 - OpenCVE

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Sun	Sdk Jdk Jre

Configuration 1 [-]

OR	cpe:2.3:a:sun:jdk::update_16::::::*
	cpe:2.3:a:sun:jdk::update_10::::::*
	cpe:2.3:a:sun:jdk:5.0:update_1::::::
	cpe:2.3:a:sun:jdk:5.0:update_10::::::
	cpe:2.3:a:sun:jdk:5.0:update_11::::::
	cpe:2.3:a:sun:jdk:5.0:update_12::::::
	cpe:2.3:a:sun:jdk:5.0:update_13::::::
	cpe:2.3:a:sun:jdk:5.0:update_14::::::
	cpe:2.3:a:sun:jdk:5.0:update_15::::::
	cpe:2.3:a:sun:jdk:5.0:update_2::::::
	cpe:2.3:a:sun:jdk:5.0:update_3::::::
	cpe:2.3:a:sun:jdk:5.0:update_4::::::
	cpe:2.3:a:sun:jdk:5.0:update_5::::::
	cpe:2.3:a:sun:jdk:5.0:update_6::::::
	cpe:2.3:a:sun:jdk:5.0:update_7::::::
	cpe:2.3:a:sun:jdk:5.0:update_8::::::
	cpe:2.3:a:sun:jdk:5.0:update_9::::::
	cpe:2.3:a:sun:jdk:6:::::::*
	cpe:2.3:a:sun:jdk:6:update_1::::::
	cpe:2.3:a:sun:jdk:6:update_2::::::
	cpe:2.3:a:sun:jdk:6:update_3::::::
	cpe:2.3:a:sun:jdk:6:update_4::::::
	cpe:2.3:a:sun:jdk:6:update_5::::::
	cpe:2.3:a:sun:jdk:6:update_6::::::
	cpe:2.3:a:sun:jdk:6:update_7::::::
	cpe:2.3:a:sun:jdk:6:update_8::::::
	cpe:2.3:a:sun:jdk:6:update_9::::::
	cpe:2.3:a:sun:jre::::::::
	cpe:2.3:a:sun:jre::update_16::::::*
	cpe:2.3:a:sun:jre::update_10::::::*
	cpe:2.3:a:sun:jre:1.4.2_1:::::::*
	cpe:2.3:a:sun:jre:1.4.2_2:::::::*
	cpe:2.3:a:sun:jre:1.4.2_3:::::::*
	cpe:2.3:a:sun:jre:1.4.2_4:::::::*
	cpe:2.3:a:sun:jre:1.4.2_5:::::::*
	cpe:2.3:a:sun:jre:1.4.2_6:::::::*
	cpe:2.3:a:sun:jre:1.4.2_7:::::::*
	cpe:2.3:a:sun:jre:1.4.2_8:::::::*
	cpe:2.3:a:sun:jre:1.4.2_9:::::::*
	cpe:2.3:a:sun:jre:1.4.2_10:::::::*
	cpe:2.3:a:sun:jre:1.4.2_11:::::::*
	cpe:2.3:a:sun:jre:1.4.2_12:::::::*
	cpe:2.3:a:sun:jre:1.4.2_13:::::::*
	cpe:2.3:a:sun:jre:1.4.2_14:::::::*
	cpe:2.3:a:sun:jre:1.4.2_15:::::::*
	cpe:2.3:a:sun:jre:1.4.2_16:::::::*
	cpe:2.3:a:sun:jre:1.4.2_17:::::::*
	cpe:2.3:a:sun:jre:5.0:::::::*
	cpe:2.3:a:sun:jre:5.0:update_1::::::
	cpe:2.3:a:sun:jre:5.0:update_10::::::
	cpe:2.3:a:sun:jre:5.0:update_11::::::
	cpe:2.3:a:sun:jre:5.0:update_12::::::
	cpe:2.3:a:sun:jre:5.0:update_13::::::
	cpe:2.3:a:sun:jre:5.0:update_14::::::
	cpe:2.3:a:sun:jre:5.0:update_15::::::
	cpe:2.3:a:sun:jre:5.0:update_2::::::
	cpe:2.3:a:sun:jre:5.0:update_3::::::
	cpe:2.3:a:sun:jre:5.0:update_4::::::
	cpe:2.3:a:sun:jre:5.0:update_5::::::
	cpe:2.3:a:sun:jre:5.0:update_6::::::
	cpe:2.3:a:sun:jre:5.0:update_7::::::
	cpe:2.3:a:sun:jre:5.0:update_8::::::
	cpe:2.3:a:sun:jre:5.0:update_9::::::
	cpe:2.3:a:sun:jre:6:::::::*
cpe:2.3:a:sun:jre:6:update_1::::::
cpe:2.3:a:sun:jre:6:update_2::::::
cpe:2.3:a:sun:jre:6:update_3::::::
cpe:2.3:a:sun:jre:6:update_4::::::
cpe:2.3:a:sun:jre:6:update_5::::::
cpe:2.3:a:sun:jre:6:update_6::::::
cpe:2.3:a:sun:jre:6:update_7::::::
cpe:2.3:a:sun:jre:6:update_8::::::
cpe:2.3:a:sun:jre:6:update_9::::::
cpe:2.3:a:sun:sdk::::::::
cpe:2.3:a:sun:sdk:1.4.2_1:::::::*
cpe:2.3:a:sun:sdk:1.4.2_2:::::::*
cpe:2.3:a:sun:sdk:1.4.2_3:::::::*
cpe:2.3:a:sun:sdk:1.4.2_4:::::::*
cpe:2.3:a:sun:sdk:1.4.2_5:::::::*
cpe:2.3:a:sun:sdk:1.4.2_6:::::::*
cpe:2.3:a:sun:sdk:1.4.2_7:::::::*
cpe:2.3:a:sun:sdk:1.4.2_8:::::::*
cpe:2.3:a:sun:sdk:1.4.2_9:::::::*
cpe:2.3:a:sun:sdk:1.4.2_10:::::::*
cpe:2.3:a:sun:sdk:1.4.2_11:::::::*
cpe:2.3:a:sun:sdk:1.4.2_12:::::::*
cpe:2.3:a:sun:sdk:1.4.2_13:::::::*
cpe:2.3:a:sun:sdk:1.4.2_14:::::::*
cpe:2.3:a:sun:sdk:1.4.2_15:::::::*
cpe:2.3:a:sun:sdk:1.4.2_16:::::::*
cpe:2.3:a:sun:sdk:1.4.2_17:::::::*

References

Link	Resource
http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://marc.info/?l=bugtraq&m=123678756409861&w=2
http://marc.info/?l=bugtraq&m=126583436323697&w=2
http://rhn.redhat.com/errata/RHSA-2008-1018.html
http://rhn.redhat.com/errata/RHSA-2008-1025.html
http://secunia.com/advisories/32991
http://secunia.com/advisories/33015
http://secunia.com/advisories/33710
http://secunia.com/advisories/34233
http://secunia.com/advisories/34447
http://secunia.com/advisories/34605
http://secunia.com/advisories/34889
http://secunia.com/advisories/35065
http://secunia.com/advisories/37386
http://secunia.com/advisories/38539
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1	Patch Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=
http://www.redhat.com/support/errata/RHSA-2009-0016.html
http://www.redhat.com/support/errata/RHSA-2009-0369.html
http://www.redhat.com/support/errata/RHSA-2009-0445.html
http://www.us-cert.gov/cas/techalerts/TA08-340A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/3339
http://www.vupen.com/english/advisories/2009/0424
http://www.vupen.com/english/advisories/2009/0672
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6627