← Back

CVE-2008-2086

nvd nist
Published: Dec 5, 2008Modified: Apr 23, 2026

JSON object

Loading...
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD

Description

Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892.

Affected (91)

Products: Sun: Jdk, Jre, Sdk
Sun
3 products
Jdk
Jre
Sdk
Configuration A
91 vulnerable
Vulnerable SoftwareAffected Versions
Sun
Jdk
Up to 6
Jdk
Up to 5.0
Jdk
Version 5.0 update_10
Jdk
Version 5.0 update_11
Jdk
Version 5.0 update_12
Jdk
Version 5.0 update_13
Jdk
Version 5.0 update_14
Jdk
Version 5.0 update_15
Jdk
Version 5.0 update_1
Jdk
Version 5.0 update_2
Jdk
Version 5.0 update_3
Jdk
Version 5.0 update_4
Jdk
Version 5.0 update_5
Jdk
Version 5.0 update_6
Jdk
Version 5.0 update_7
Jdk
Version 5.0 update_8
Jdk
Version 5.0 update_9
Jdk
Version 6
Jdk
Version 6 update_1
Jdk
Version 6 update_2
Jdk
Version 6 update_3
Jdk
Version 6 update_4
Jdk
Version 6 update_5
Jdk
Version 6 update_6
Jdk
Version 6 update_7
Jdk
Version 6 update_8
Jdk
Version 6 update_9
Sun
Jre
Up to 1.4.2_18
Jre
Up to 6
Jre
Up to 5.0
Jre
Version 1.4.2_10
Jre
Version 1.4.2_11
Jre
Version 1.4.2_12
Jre
Version 1.4.2_13
Jre
Version 1.4.2_14
Jre
Version 1.4.2_15
Jre
Version 1.4.2_16
Jre
Version 1.4.2_17
Jre
Version 1.4.2_1
Jre
Version 1.4.2_2
Jre
Version 1.4.2_3
Jre
Version 1.4.2_4
Jre
Version 1.4.2_5
Jre
Version 1.4.2_6
Jre
Version 1.4.2_7
Jre
Version 1.4.2_8
Jre
Version 1.4.2_9
Jre
Version 5.0
Jre
Version 5.0 update_10
Jre
Version 5.0 update_11
Jre
Version 5.0 update_12
Jre
Version 5.0 update_13
Jre
Version 5.0 update_14
Jre
Version 5.0 update_15
Jre
Version 5.0 update_1
Jre
Version 5.0 update_2
Jre
Version 5.0 update_3
Jre
Version 5.0 update_4
Jre
Version 5.0 update_5
Jre
Version 5.0 update_6
Jre
Version 5.0 update_7
Jre
Version 5.0 update_8
Jre
Version 5.0 update_9
Jre
Version 6
Jre
Version 6 update_1
Jre
Version 6 update_2
Jre
Version 6 update_3
Jre
Version 6 update_4
Jre
Version 6 update_5
Jre
Version 6 update_6
Jre
Version 6 update_7
Jre
Version 6 update_8
Jre
Version 6 update_9
Sun
Sdk
Up to 1.4.2_18
Sdk
Version 1.4.2_10
Sdk
Version 1.4.2_11
Sdk
Version 1.4.2_12
Sdk
Version 1.4.2_13
Sdk
Version 1.4.2_14
Sdk
Version 1.4.2_15
Sdk
Version 1.4.2_16
Sdk
Version 1.4.2_17
Sdk
Version 1.4.2_1
Sdk
Version 1.4.2_2
Sdk
Version 1.4.2_3
Sdk
Version 1.4.2_4
Sdk
Version 1.4.2_5
Sdk
Version 1.4.2_6
Sdk
Version 1.4.2_7
Sdk
Version 1.4.2_8
Sdk
Version 1.4.2_9

Related CWEs

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (74)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
US Government Resource
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.