The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2008-12-05T11:00:00
Updated: 2017-09-28T12:57:01
Reserved: 2008-12-04T00:00:00
Link: CVE-2008-5355
JSON object: View
NVD Information
Status : Modified
Published: 2008-12-05T11:30:00.567
Modified: 2017-09-29T01:32:36.353
Link: CVE-2008-5355
JSON object: View
Redhat Information
No data.
CWE