CVE-2008-3107 — JDK vulnerability

CWE-2645 documents5 sources

Severity

10.0CRITICALNVD

EPSS

14.5%

top 5.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE SUN SDK

Timeline

PublishedJul 9

Latest updateMay 1

Description

Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDsun/jdk5.0+3

▶NVDsun/jre1.4.2_17+22

▶NVDsun/sdk1.4.2_17+15

🔴Vulnerability Details

GHSA

GHSA-59rm-f3qj-r4jw: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5↗2022-05-01

▶

CVEList

CVE-2008-3107: Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5↗2008-07-09

▶

📋Vendor Advisories

Red Hat

JDK untrusted applet/application privilege escalation (6661918)↗2008-07-08

▶

💬Community

Bugzilla

CVE-2008-3107 JDK untrusted applet/application privilege escalation (6661918)↗2008-06-24

▶