Vulnerability Details : CVE-2008-3109
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
Exploit prediction scoring system (EPSS) score for CVE-2008-3109
Probability of exploitation activity in the next 30 days: 1.83%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 %
CVSS scores for CVE-2008-3109
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2008-3109
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3109
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html
- http://www.vmware.com/security/advisories/VMSA-2008-0016.html
- http://www.securityfocus.com/bid/30144
- http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1
- http://www.vupen.com/english/advisories/2008/2056/references
- http://www.redhat.com/support/errata/RHSA-2008-0594.html
- http://support.apple.com/kb/HT3179 (About the security content of Java for Mac OS X 10.5 Update 2 - Apple Support)
- http://www.redhat.com/support/errata/RHSA-2008-1045.html
- http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
- http://marc.info/?l=bugtraq&m=122331139823057&w=2
- http://www.vupen.com/english/advisories/2008/2740
- http://www.us-cert.gov/cas/techalerts/TA08-193A.html (US Government Resource)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8540
- http://www.securitytracker.com/id?1020456
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43660
- http://www.redhat.com/support/errata/RHSA-2008-0906.html
- http://www.securityfocus.com/archive/1/497041/100/0/threaded
Products affected by CVE-2008-3109
- cpe:2.3:a:sun:jdk:*:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:*:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*