CVE-2008-3113 : Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update

Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077.

Published 2008-07-09 23:41:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2008-3113

SUN » JDK » Update Update 15
Versions up to, including, (<=) 5.0
cpe:2.3:a:sun:jdk:*:update_15:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 3
cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 4
cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 5
cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 1
cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 10
cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 6
cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 7
cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 13
cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 2
cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 11
cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 12
cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 8
cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 9
cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 14
cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*
Matching versions
SUN » JRE
Versions up to, including, (<=) 1.4.2_17
cpe:2.3:a:sun:jre:*:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Update Update 15
Versions up to, including, (<=) 5.0
cpe:2.3:a:sun:jre:*:update_15:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2
cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 10
cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 8
cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 9
cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 12
cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 13
cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 01
cpe:2.3:a:sun:jre:1.4.2_01:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 02
cpe:2.3:a:sun:jre:1.4.2_02:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 11
cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 14
cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 15
cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 03
cpe:2.3:a:sun:jre:1.4.2_03:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 04
cpe:2.3:a:sun:jre:1.4.2_04:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 1
cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 10
cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 6
cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 7
cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 11
cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 12
cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 4
cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 5
cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 05
cpe:2.3:a:sun:jre:1.4.2_05:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 8
cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 9
cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 13
cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 2
cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 3
cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 06
cpe:2.3:a:sun:jre:1.4.2_06:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 07
cpe:2.3:a:sun:jre:1.4.2_07:*:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 14
cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 1.4.2 16
cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2
cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 03
cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 04
cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 01
cpe:2.3:a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 02
cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 08
cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 09
cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 10
cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 11
cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 12
cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 14
cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 13
cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 15
cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 07
cpe:2.3:a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 06
cpe:2.3:a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 05
cpe:2.3:a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 17
cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*
Matching versions
SUN » SDK » Version: 1.4.2 16
cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-3113

EPSS FAQ

22.99%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-3113

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-3113

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-3113

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2009:010 - openSUSE Security Announce - openSUSE Mailing Lists

CVEs referencing this url
http://secunia.com/advisories/31736

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10454
http://rhn.redhat.com/errata/RHSA-2008-0955.html

CVEs referencing this url
http://secunia.com/advisories/37386

About Secunia Research | Flexera

CVEs referencing this url
http://www.vmware.com/security/advisories/VMSA-2008-0016.html

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2008-0790.html

CVEs referencing this url
http://secunia.com/advisories/32180

CVEs referencing this url
http://secunia.com/advisories/31600

CVEs referencing this url
http://secunia.com/advisories/31497

CVEs referencing this url
http://secunia.com/advisories/31055

CVEs referencing this url
http://secunia.com/advisories/31010

Patch;Vendor Advisory

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/2056/references

CVEs referencing this url
http://support.apple.com/kb/HT3179

About the security content of Java for Mac OS X 10.5 Update 2 - Apple Support

CVEs referencing this url
http://secunia.com/advisories/32018

About Secunia Research | Flexera

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2008-0595.html

CVEs referencing this url
http://secunia.com/advisories/32826

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html

CVEs referencing this url
http://marc.info/?l=bugtraq&m=122331139823057&w=2

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/2740

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2008:028 - openSUSE Security Announce - openSUSE Mailing Lists

CVEs referencing this url
http://secunia.com/advisories/35065

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/31320

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA08-193A.html

US Government Resource

CVEs referencing this url
http://secunia.com/advisories/33194

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1

Patch

CVEs referencing this url
http://www.securitytracker.com/id?1020452

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200911-02.xml

Sun JDK/JRE: Multiple vulnerabilities (GLSA 200911-02) — Gentoo security

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html

CVEs referencing this url
http://secunia.com/advisories/32179

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/43667
http://support.apple.com/kb/HT3178

About the security content of Java for Mac OS X 10.4, Release 7 - Apple Support

CVEs referencing this url
http://www.securityfocus.com/bid/30148

CVEs referencing this url
http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html

CVEs referencing this url
http://www.securityfocus.com/archive/1/497041/100/0/threaded

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2008-3113

Products affected by CVE-2008-3113

Exploit prediction scoring system (EPSS) score for CVE-2008-3113

CVSS scores for CVE-2008-3113

CWE ids for CVE-2008-3113

References for CVE-2008-3113