CVE-2008-3113 — JDK vulnerability

CWE-2645 documents5 sources

Severity

10.0CRITICALNVD

EPSS

20.6%

top 4.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE SUN SDK

Timeline

PublishedJul 9

Latest updateMay 1

Description

Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDsun/jdk5.0+1

▶NVDsun/jre1.4.2_17+19

▶NVDsun/sdk18 versions+17

Patches

Patch: secunia.com ↗Patch: sunsolve.sun.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-32mg-gg62-gfq3: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5↗2022-05-01

▶

CVEList

CVE-2008-3113: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5↗2008-07-09

▶

📋Vendor Advisories

Red Hat

Java Web Start arbitrary file creation/deletion file with user permissions (6704077)↗2008-07-08

▶

💬Community

Bugzilla

CVE-2008-3113 Java Web Start arbitrary file creation/deletion file with user permissions (6704077)↗2008-07-09

▶