CVE-2008-3115

Sun JDK and JRE < 6 - Unauthenticated Applet Execution via Secure Static Versioning Bypass

Title source: manual

Description

Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases.

References (21)

Core 21

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/30142

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1020460

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=122331139823057&w=2

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31600

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32018

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200911-02.xml

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32179

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2740

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2056/references

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32180

Vendor Advisory x_refsource_confirm

http://www.vmware.com/security/advisories/VMSA-2008-0016.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/43665

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT3178

Patch vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-66-238966-1

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/497041/100/0/threaded

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA08-193A.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37386

Vendor Advisory x_refsource_confirm

http://support.apple.com/kb/HT3179

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31010

Scores

EPSS 0.2557

EPSS Percentile 96.3%

Details

CWE

CWE-16

Status published

Products (6)

sun/jdk 5.0 update_10 (10 CPE variants)

sun/jdk 6 update_1 (5 CPE variants)

sun/jdk < 6

sun/jre 5.0 update_10 (10 CPE variants)

sun/jre 6 update_1 (5 CPE variants)

sun/jre < 6

Published Jul 09, 2008

Tracked Since Feb 18, 2026