CVE-2008-3114

Sun Java Web Start <6 - Info Disclosure

Title source: llm

Description

Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074.

References (40)

Core 40

Core References

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=122331139823057&w=2

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32436

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32826

Vendor Advisory x_refsource_confirm

http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31600

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32018

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200911-02.xml

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32179

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33194

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2740

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31320

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2056/references

Patch vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31055

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32180

Vendor Advisory x_refsource_confirm

http://www.vmware.com/security/advisories/VMSA-2008-0016.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31736

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35065

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT3178

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1020452

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/30148

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0594.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31497

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2008-0955.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/497041/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/43668

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0790.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0906.html

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA08-193A.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37386

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT3179

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0595.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9755

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31010

Scores

EPSS 0.0333

EPSS Percentile 87.5%

Details

CWE

CWE-200

Status published

Products (22)

sun/jdk 5.0 update_10 (13 CPE variants)

sun/jdk 6 update_1 (5 CPE variants)

sun/jdk < 5.0

sun/jdk < 6

sun/jre 1.4.2

sun/jre 1.4.2_01

sun/jre 1.4.2_02

sun/jre 1.4.2_03

sun/jre 1.4.2_04

sun/jre 1.4.2_05

... and 12 more

Published Jul 09, 2008

Tracked Since Feb 18, 2026