CVE-2008-3114Sensitive Information Exposure in JDK

CWE-200Sensitive Information Exposure7 documents6 sources
Severity
5.0MEDIUMNVD
EPSS
3.3%
top 12.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
SUN JDKSUN JRESUN SDK
Timeline
PublishedJul 9
Latest updateMay 1

Description

Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

NVDsun/jdk5.0+3
NVDsun/jre1.4.2_17+21
NVDsun/sdk1.4.2_17+17

Patches

Patch: sunsolve.sun.comPatch: sunsolve.sun.com

🔴Vulnerability Details

2
GHSA
GHSA-82jf-vh7j-48rv: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 52022-05-01
CVEList
CVE-2008-3114: Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 52008-07-09

💥Exploits & PoCs

2
Exploit-DB
Larson Network Print Server 9.4.2 build 105 (LstNPS) - 'NPSpcSVR.exe' License Command Remote Overflow2008-02-11
Exploit-DB
Larson Network Print Server 9.4.2 build 105 - 'LstNPS' Logging Function USEP Command Remote Format String2008-02-11

📋Vendor Advisories

1
Red Hat
Java Web Start, untrusted application may determine Cache Location (6704074)2008-07-08

💬Community

1
Bugzilla
CVE-2008-3114 Java Web Start, untrusted application may determine Cache Location (6704074)2008-07-09
CVE-2008-3114 — Sensitive Information Exposure in JDK | cvebase