Vulnerability Details : CVE-2008-2086

Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892.

Vulnerability category: Execute code

Published 2008-12-05 02:30:00

Updated 2018-10-11 20:39:11

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2008-2086

Probability of exploitation activity in the next 30 days: 48.34%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-2086

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-2086

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Assigned by: [email protected] (Primary)

References for CVE-2008-2086

Products affected by CVE-2008-2086

SUN » JDK » Update Update 10
Versions up to, including, (<=) 6
cpe:2.3:a:sun:jdk:*:update_10:*:*:*:*:*:*
Matching versions
SUN » JDK » Update Update 16
Versions up to, including, (<=) 5.0
cpe:2.3:a:sun:jdk:*:update_16:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 1
cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6
cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 3
cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 3
cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 4
cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 5
cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 1
cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 10
cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 6
cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 7
cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 2
cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 13
cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 2
cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 11
cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 12
cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 8
cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 9
cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 6
cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 7
cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 8
cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 9
cpe:2.3:a:sun:jdk:6:update_9:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 15
cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 5
cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 4
cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 14
cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*
Matching versions
SUN » JRE
Versions up to, including, (<=) 1.4.2_18
cpe:2.3:a:sun:jre:*:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Update Update 16
Versions up to, including, (<=) 5.0
cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:*
Matching versions
SUN » JRE » Update Update 10
Versions up to, including, (<=) 6
cpe:2.3:a:sun:jre:*:update_10:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 6
cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 7
cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 2
cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 3
cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 1
cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 10
cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 8
cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 9
cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 4
cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 5
cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 12
cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 13
cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 11
cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 14
cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 15
cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0
cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6
cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 1
cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 1
cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 10
cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 6
cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 7
cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 2
cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 3
cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 11
cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 12
cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 4
cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 5
cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 8
cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 9
cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 13
cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 2
cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 3
cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 6
cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 7
cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 14
cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 4
cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 17
cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 16
cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 5
cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 8
cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 9
cpe:2.3:a:sun:jre:6:update_9:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 15
cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*
Matching versions
SUN » SDK
Versions up to, including, (<=) 1.4.2_18
cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 9
cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 3
cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 8
cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 1
cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 2
cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 5
cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 6
cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 7
cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 4
cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 10
cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 11
cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 12
cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 14
cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 13
cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 15
cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 17
cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 16
cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*
Matching versions