PT-2008-6467 · Sun+2 · Jre+6

Published

2008-12-05

Updated

2017-09-29

CVE-2008-5343

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:P/A:P

Name of the Vulnerable Software and Affected Versions Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier JDK and JRE 5.0 Update 16 and earlier SDK and JRE 1.4.2 18 and earlier

Description The issue allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF and a Java JAR file.

Recommendations For Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, update to a version later than Update 10. For JDK and JRE 5.0 Update 16 and earlier, update to a version later than Update 16. For SDK and JRE 1.4.2 18 and earlier, update to a version later than 1.4.2 18.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2008-5343

HPSBUX02411

RHSA-2008:1018

RHSA-2008:1025

RHSA-2009:0016

RHSA-2009:0369

RHSA-2009:0445

Affected Products

Hp-Ux

Jdk

Jre

Java Platform

Java Plug-In

Java Web Start

Sdk

PT-2008-6467 · Sun+2 · Jre+6

CVE-2008-5343

Related Identifiers

Affected Products

References · 58