CVE-2008-3440
published 2008-08-01CVE-2008-3440: Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sun | java | <= 1.6.0 | — |
| sun | java | — | — |