Vulnerability Details : CVE-2008-3107
Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
Products affected by CVE-2008-3107
- cpe:2.3:a:sun:jdk:*:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:*:update_15:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:*:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:*:update_15:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:*:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_01:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_02:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_03:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_04:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_05:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_06:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_07:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:*:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-3107
1.27%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 85 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-3107
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2008-3107
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3107
-
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238967-1
-
http://www.vmware.com/security/advisories/VMSA-2008-0016.html
-
http://www.securitytracker.com/id?1020455
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10219
-
http://www.vupen.com/english/advisories/2008/2056/references
-
http://www.redhat.com/support/errata/RHSA-2008-0594.html
-
http://www.securityfocus.com/bid/30141
-
http://support.apple.com/kb/HT3179
About the security content of Java for Mac OS X 10.5 Update 2 - Apple Support
-
http://www.redhat.com/support/errata/RHSA-2008-0595.html
-
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
-
http://marc.info/?l=bugtraq&m=122331139823057&w=2
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/43659
-
http://www.vupen.com/english/advisories/2008/2740
-
http://www.us-cert.gov/cas/techalerts/TA08-193A.html
US Government Resource
-
http://security.gentoo.org/glsa/glsa-200911-02.xml
Sun JDK/JRE: Multiple vulnerabilities (GLSA 200911-02) — Gentoo security
-
http://support.apple.com/kb/HT3178
About the security content of Java for Mac OS X 10.4, Release 7 - Apple Support
-
http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html
-
http://www.securityfocus.com/archive/1/497041/100/0/threaded
Jump to