CVE-2008-5341 — Sensitive Information Exposure in JDK

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

1.1%

top 21.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE SUN SDK

Timeline

PublishedDec 5

Latest updateMay 17

Description

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDsun/jdk5.0+3

▶NVDsun/jre1.4.2_18+21

▶NVDsun/sdk1.4.2_18+17

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-vwjg-vpwq-rxvv: Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5↗2022-05-17

▶

CVEList

CVE-2008-5341: Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5↗2008-12-05

▶

📋Vendor Advisories

Red Hat

Java Web Start exposes username and the pathname of the JWS cache↗2008-12-04

▶

💬Community

Bugzilla

CVE-2008-5341 Java Web Start exposes username and the pathname of the JWS cache↗2008-12-05

▶