CVE-2008-1187 — JDK vulnerability

CWE-2645 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

21.6%

top 4.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE SUN SDK

Timeline

PublishedMar 6

Latest updateMay 1

Description

Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶NVDsun/jdk5.0+3

▶NVDsun/jre1.4.2_14+16

▶NVDsun/sdk1.4.2_16+17

Patches

Patch: download.novell.com ↗Patch: sunsolve.sun.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-8m64-fhc9-rr82: Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5↗2022-05-01

▶

CVEList

CVE-2008-1187: Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5↗2008-03-06

▶

📋Vendor Advisories

Red Hat

Untrusted applet and application XSLT processing privilege escalation↗2008-03-06

▶

💬Community

Bugzilla

CVE-2008-1187 Untrusted applet and application XSLT processing privilege escalation↗2008-03-04

▶