CVE-2008-0657: JDK vulnerability

CWE-264 | 5 documents | 5 sources
Severity
10.0 CRITICAL (NVD)
EPSS
2.0%
top 16.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 7
Latest update: May 1

Description

Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages: 2 packages

NVD: sun/jdk 5.0_update13
NVD: sun/jre 1.5.0 (+1)

Patches

🔴Vulnerability Details

2
GHSA
GHSA-2jgq-w4vv-qrcg: Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5 | 2022-05-01
CVEList
CVE-2008-0657: Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5 | 2008-02-07

📋Vendor Advisories

1
Red Hat
java-1.5.0 Privilege escalation via untrusted applet and application | 2008-02-05

💬Community

1
Bugzilla
CVE-2008-0657 java-1.5.0 Privilege escalation via untrusted applet and application | 2008-02-07