CVE-2005-3906 — JDK vulnerability

6 documents3 sources

Severity

7.5HIGHNVD

EPSS

11.5%

top 6.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE

Timeline

PublishedNov 30

Latest updateMay 1

Description

Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.2_08 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of vulnerabilities than CVE-2005-3905. NOTE: this is associated with the "second and third issues" identified in SUNALERT:102003.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDsun/jdk38 versions+37

▶NVDsun/jre13 versions+12

Patches

Patch: secunia.com ↗Patch: sunsolve.sun.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-343x-pf8p-g4rj: Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1↗2022-05-01

▶

GHSA

GHSA-wf3m-v872-644c: Unspecified vulnerability in reflection APIs in Java SDK and JRE 1↗2022-05-01

▶

CVEList

CVE-2005-3906: Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1↗2005-11-30

▶

CVEList

CVE-2005-3905: Unspecified vulnerability in reflection APIs in Java SDK and JRE 1↗2005-11-30

▶