CVE-2008-0636
published 2008-02-12CVE-2008-0636: Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x and 6.x allows remote attackers to obtain sensitive information via a direct request to…
PriorityP421medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
2.59%
83.4th percentile
Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x and 6.x allows remote attackers to obtain sensitive information via a direct request to About/SC_About.htm, which provides version and patch information.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| level_platforms | managed_workplace_service_center | — | — |
| level_platforms | managed_workplace_service_center | — | — |
| level_platforms | managed_workplace_service_center | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Bugzilla
CVE-2008-3112 Java Web Start, arbitrary file creation (6703909)
bugzilla·2008-07-09·CVSS 10.0
CVE-2008-3112 [CRITICAL] CVE-2008-3112 Java Web Start, arbitrary file creation (6703909)
CVE-2008-3112 Java Web Start, arbitrary file creation (6703909)
Sunalert, 238905, Second Issue
A vulnerability in Java Web Start may allow an untrusted Java Web Start
application downloaded from a website to create arbitrary files with the
permissions of the user running the untrusted Java Web Start application.
Discussion:
This was resolved via:
http://rhn.redhat.com/errata/RHSA-2008-0595.html (RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0955.html (RHEL3, RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0790.html (RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0636.html (Satellite 5.1)
http://rhn.redhat.com/errata/RHSA-2008-0638.html (Satellite 5.1)
http://rhn.redhat.com/errata/RHSA-2008-0906.html (RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0594.html (RHE
Bugzilla
CVE-2008-3113 Java Web Start arbitrary file creation/deletion file with user permissions (6704077)
bugzilla·2008-07-09·CVSS 10.0
CVE-2008-3113 [CRITICAL] CVE-2008-3113 Java Web Start arbitrary file creation/deletion file with user permissions (6704077)
CVE-2008-3113 Java Web Start arbitrary file creation/deletion file with user permissions (6704077)
Sunalert, 238905, Third Issue
A vulnerability in Java Web Start may allow an untrusted Java Web Start
application downloaded from a website to create or delete arbitrary files with
the permissions of the user running the untrusted Java Web Start application.
Discussion:
This was resolved via:
http://rhn.redhat.com/errata/RHSA-2008-0595.html (RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0955.html (RHEL3, RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0790.html (RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0636.html (Satellite 5.1)
http://rhn.redhat.com/errata/RHSA-2008-0638.html (Satellite 5.1)
Bugzilla
CVE-2008-3114 Java Web Start, untrusted application may determine Cache Location (6704074)
bugzilla·2008-07-09·CVSS 5.0
CVE-2008-3114 [MEDIUM] CVE-2008-3114 Java Web Start, untrusted application may determine Cache Location (6704074)
CVE-2008-3114 Java Web Start, untrusted application may determine Cache Location (6704074)
Sunalert, 238905, Fourth Issue
A vulnerability in Java Web Start may allow an untrusted Java Web Start
application to determine the location of the Java Web Start cache.
Discussion:
This was resolved via:
http://rhn.redhat.com/errata/RHSA-2008-0595.html (RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0955.html (RHEL3, RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0790.html (RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0636.html (Satellite 5.1)
http://rhn.redhat.com/errata/RHSA-2008-0638.html (Satellite 5.1)
http://rhn.redhat.com/errata/RHSA-2008-0906.html (RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0594.html (RHEL4, RHEL5)
Bugzilla
CVE-2008-3111 Java Web Start Buffer overflow vulnerabilities (6557220)
bugzilla·2008-07-09·CVSS 10.0
CVE-2008-3111 [CRITICAL] CVE-2008-3111 Java Web Start Buffer overflow vulnerabilities (6557220)
CVE-2008-3111 Java Web Start Buffer overflow vulnerabilities (6557220)
Sunalert, 238905, First Issue
Buffer overflow vulnerabilities in Java Web Start may allow an untrusted Java
Web Start application to elevate its privileges. For example, an untrusted Java
Web Start application may grant itself permissions to read and write local files
or execute local applications that are accessible to the user running the
untrusted application.
Discussion:
This issue has been corrected via:
Red Hat Enterprise Linux version 4 Extras (RHSA-2008:0595 (java-1.5.0-sun) and RHSA-2008:0790 (java-1.5.0-ibm))
RHEL Supplementary version 5 (RHSA-2008:0595 (java-1.5.0-sun) and RHSA-2008:0790 (java-1.5.0-ibm))
Red Hat Network Satellite Server 5.1 (RHEL v.4 AS) (RHSA-2008:0636 (java-1.5.0-sun) and RHSA-2008:06
http://securityreason.com/securityalert/3659http://www.securityfocus.com/archive/1/487811/100/0/threadedhttp://www.securityfocus.com/archive/1/488201/100/0/threadedhttp://www.securityfocus.com/archive/1/496074/100/0/threadedhttp://www.securityfocus.com/bid/27702http://securityreason.com/securityalert/3659http://www.securityfocus.com/archive/1/487811/100/0/threadedhttp://www.securityfocus.com/archive/1/488201/100/0/threadedhttp://www.securityfocus.com/archive/1/496074/100/0/threadedhttp://www.securityfocus.com/bid/27702
2008-02-12
Published