Vulnerability Details : CVE-2008-3106
Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105.
Products affected by CVE-2008-3106
- cpe:2.3:a:sun:jdk:*:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:*:update_15:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:*:update_15:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:*:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-3106
17.80%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-3106
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2008-3106
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3106
-
http://support.avaya.com/elmodocs2/security/ASA-2008-299.htm
-
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=751014
-
http://secunia.com/advisories/31736
-
http://secunia.com/advisories/32436
-
http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html
-
http://secunia.com/advisories/37386
About Secunia Research | Flexera
-
http://www.vmware.com/security/advisories/VMSA-2008-0016.html
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10866
-
http://www.redhat.com/support/errata/RHSA-2008-0790.html
-
http://secunia.com/advisories/32180
-
http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm
-
http://secunia.com/advisories/31600
-
http://secunia.com/advisories/31497
-
http://www.securitytracker.com/id?1020457
-
http://secunia.com/advisories/31010
Vendor Advisory
-
http://www.redhat.com/support/errata/RHSA-2008-1044.html
-
http://www.vupen.com/english/advisories/2008/2056/references
-
http://www.redhat.com/support/errata/RHSA-2008-0594.html
-
http://secunia.com/advisories/33237
-
http://support.apple.com/kb/HT3179
About the security content of Java for Mac OS X 10.5 Update 2 - Apple Support
-
http://www.redhat.com/support/errata/RHSA-2008-1045.html
-
http://www.securityfocus.com/bid/30143
-
http://secunia.com/advisories/32018
About Secunia Research | Flexera
-
http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm
-
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=756717
-
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
-
http://marc.info/?l=bugtraq&m=122331139823057&w=2
-
http://www.vupen.com/english/advisories/2008/2740
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/43658
-
http://secunia.com/advisories/31320
-
http://www.us-cert.gov/cas/techalerts/TA08-193A.html
US Government Resource
-
http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm
-
http://security.gentoo.org/glsa/glsa-200911-02.xml
Sun JDK/JRE: Multiple vulnerabilities (GLSA 200911-02) — Gentoo security
-
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html
-
http://www.redhat.com/support/errata/RHSA-2008-0906.html
-
http://secunia.com/advisories/33238
-
http://secunia.com/advisories/32179
-
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html
-
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1
-
http://www.securityfocus.com/archive/1/497041/100/0/threaded
Jump to