CVE-2008-5345 — JDK vulnerability

5 documents5 sources

Severity

7.5HIGHNVD

EPSS

4.9%

top 10.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE SUN SDK

Timeline

PublishedDec 5

Latest updateMay 13

Description

Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier allows code that is loaded from a local filesystem to read arbitrary files and make unauthorized connections to localhost via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDsun/jdk1.5.0, 1.6.0+1

▶NVDsun/jre44 versions+43

▶NVDsun/sdk49 versions+48

🔴Vulnerability Details

GHSA

GHSA-6hm4-p2vh-7vmv: Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5↗2022-05-13

▶

CVEList

CVE-2008-5345: Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5↗2008-12-05

▶

📋Vendor Advisories

Red Hat

JRE allows unauthorized file access and connections to localhost↗2008-12-04

▶

💬Community

Bugzilla

CVE-2008-5345 JRE allows unauthorized file access and connections to localhost↗2008-12-05

▶