Vulnerability Details : CVE-2008-3110

Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet.
Publish Date : 2008-07-09 Last Update Date : 2010-08-21

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Related Tweets Even more tweets Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

Cvss Score	4.3
Confidentiality Impact	Partial (There is considerable informational disclosure.)
Integrity Impact	None (There is no impact to the integrity of the system)
Availability Impact	None (There is no impact to the availability of the system.)
Access Complexity	Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Obtain Information
CWE ID	264

- Additional Vendor Supplied Data

Vendor	Impact	CVSS Score	CVSS Vector	Report Date	Publish Date
Redhat	critical			2008-07-08	2008-07-08

If you are a vendor and you have additional data which can be automatically imported into our database, please contact admin @ cvedetails.com

- Related OVAL Definitions

Title	Definition Id	Family
CVE-2008-3110	oval:org.opensuse.security:def:20083110	unix
RHSA-2008:0594: java-1.6.0-sun security update (Critical)	oval:com.redhat.rhsa:def:20080594	unix
RHSA-2008:0906: java-1.6.0-ibm security update (Critical)	oval:com.redhat.rhsa:def:20080906	unix
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 ...	oval:org.mitre.oval:def:10734	unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2008-3110

#	Product Type	Vendor	Product	Version	Update
1	Application	SUN	JDK	6	Update 2	Details Vulnerabilities
2	Application	SUN	JDK	6	Update 3	Details Vulnerabilities
3	Application	SUN	JDK	6	Update 4	Details Vulnerabilities
4	Application	SUN	JDK	6	Update 5	Details Vulnerabilities
5	Application	SUN	JDK	6	Update 1	Details Vulnerabilities
6	Application	SUN	JDK	6	Update 6	Details Vulnerabilities
7	Application	SUN	JRE	6	Update 2	Details Vulnerabilities
8	Application	SUN	JRE	6	Update 3	Details Vulnerabilities
9	Application	SUN	JRE	6	Update 4	Details Vulnerabilities
10	Application	SUN	JRE	6	Update 5	Details Vulnerabilities
11	Application	SUN	JRE	6	Update 6	Details Vulnerabilities
12	Application	SUN	JRE	6	Update 1	Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
SUN	JDK	6
SUN	JRE	6

- References For CVE-2008-3110

http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html
APPLE APPLE-SA-2008-09-24

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
SUSE SUSE-SA:2008:042

http://secunia.com/advisories/31010
SECUNIA 31010

http://marc.info/?l=bugtraq&m=122331139823057&w=2
BUGTRAQ 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and

http://secunia.com/advisories/31600
SECUNIA 31600

http://secunia.com/advisories/32018
SECUNIA 32018

http://secunia.com/advisories/32179
SECUNIA 32179

http://secunia.com/advisories/32180
SECUNIA 32180

http://secunia.com/advisories/32436
SECUNIA 32436

http://secunia.com/advisories/33238
SECUNIA 33238

http://secunia.com/advisories/37386
SECUNIA 37386

http://security.gentoo.org/glsa/glsa-200911-02.xml
GENTOO GLSA-200911-02

http://support.apple.com/kb/HT3179 CONFIRM

http://www.frsirt.com/english/advisories/2008/2056/references
VUPEN ADV-2008-2056

http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm CONFIRM

http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm CONFIRM

http://www.frsirt.com/english/advisories/2008/2740
VUPEN ADV-2008-2740

http://www.securityfocus.com/bid/30144
BID 30144 Sun Java Runtime Environment Multiple Security Vulnerabilities Release Date:2009-11-18

http://www.securityfocus.com/archive/1/archive/1/497041/100/0/threaded
BUGTRAQ 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues

http://www.redhat.com/support/errata/RHSA-2008-1045.html
REDHAT RHSA-2008:1045

http://www.redhat.com/support/errata/RHSA-2008-0906.html
REDHAT RHSA-2008:0906

http://www.redhat.com/support/errata/RHSA-2008-0594.html
REDHAT RHSA-2008:0594

http://www.vmware.com/security/advisories/VMSA-2008-0016.html CONFIRM

http://www.securitytracker.com/id?1020456
SECTRACK 1020456

http://xforce.iss.net/xforce/xfdb/43661
XF sun-jre-scripting-info-disclosure(43661)

http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1
SUNALERT 238687

http://www.us-cert.gov/cas/techalerts/TA08-193A.html
CERT TA08-193A

- Metasploit Modules Related To CVE-2008-3110

There are not any metasploit modules related to this vulnerability (Please visit www.metasploit.com for more information)