CVE-2008-3104 — JDK vulnerability

CWE-2645 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

23.7%

top 4.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE SUN SDK

Timeline

PublishedJul 9

Latest updateMay 1

Description

Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶NVDsun/jdk5.0+4

▶NVDsun/jre36 versions+35

▶NVDsun/sdk40 versions+39

Patches

Patch: secunia.com ↗Patch: sunsolve.sun.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-6cq4-9r5q-c4x7: Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5↗2022-05-01

▶

CVEList

CVE-2008-3104: Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5↗2008-07-09

▶

📋Vendor Advisories

Red Hat

Java RE allows Same Origin Policy to be Bypassed (6687932)↗2008-07-08

▶

💬Community

Bugzilla

CVE-2008-3104 Java RE allows Same Origin Policy to be Bypassed (6687932)↗2008-07-09

▶