CVE-2008-5341

Published: Dec 5, 2008Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071.

Affected (91)

Products: Sun: Jdk, Jre, Sdk

3 products

Configuration A

91 vulnerable

Vulnerable Software	Affected Versions
Sun Jdk	Up to 6
Sun Jdk	Up to 5.0
Sun Jdk	Version 5.0 update_10
Sun Jdk	Version 5.0 update_11
Sun Jdk	Version 5.0 update_12
Sun Jdk	Version 5.0 update_13
Sun Jdk	Version 5.0 update_14
Sun Jdk	Version 5.0 update_15
Sun Jdk	Version 5.0 update_1
Sun Jdk	Version 5.0 update_2
Sun Jdk	Version 5.0 update_3
Sun Jdk	Version 5.0 update_4
Sun Jdk	Version 5.0 update_5
Sun Jdk	Version 5.0 update_6
Sun Jdk	Version 5.0 update_7
Sun Jdk	Version 5.0 update_8
Sun Jdk	Version 5.0 update_9
Sun Jdk	Version 6
Sun Jdk	Version 6 update_1
Sun Jdk	Version 6 update_2
Sun Jdk	Version 6 update_3
Sun Jdk	Version 6 update_4
Sun Jdk	Version 6 update_5
Sun Jdk	Version 6 update_6
Sun Jdk	Version 6 update_7
Sun Jdk	Version 6 update_8
Sun Jdk	Version 6 update_9
Sun Jre	Up to 1.4.2_18
Sun Jre	Up to 6
Sun Jre	Up to 5.0
Sun Jre	Version 1.4.2_10
Sun Jre	Version 1.4.2_11
Sun Jre	Version 1.4.2_12
Sun Jre	Version 1.4.2_13
Sun Jre	Version 1.4.2_14
Sun Jre	Version 1.4.2_15
Sun Jre	Version 1.4.2_16
Sun Jre	Version 1.4.2_17
Sun Jre	Version 1.4.2_1
Sun Jre	Version 1.4.2_2
Sun Jre	Version 1.4.2_3
Sun Jre	Version 1.4.2_4
Sun Jre	Version 1.4.2_5
Sun Jre	Version 1.4.2_6
Sun Jre	Version 1.4.2_7
Sun Jre	Version 1.4.2_8
Sun Jre	Version 1.4.2_9
Sun Jre	Version 5.0
Sun Jre	Version 5.0 update_10
Sun Jre	Version 5.0 update_11
Sun Jre	Version 5.0 update_12
Sun Jre	Version 5.0 update_13
Sun Jre	Version 5.0 update_14
Sun Jre	Version 5.0 update_15
Sun Jre	Version 5.0 update_1
Sun Jre	Version 5.0 update_2
Sun Jre	Version 5.0 update_3
Sun Jre	Version 5.0 update_4
Sun Jre	Version 5.0 update_5
Sun Jre	Version 5.0 update_6
Sun Jre	Version 5.0 update_7
Sun Jre	Version 5.0 update_8
Sun Jre	Version 5.0 update_9
Sun Jre	Version 6
Sun Jre	Version 6 update_1
Sun Jre	Version 6 update_2
Sun Jre	Version 6 update_3
Sun Jre	Version 6 update_4
Sun Jre	Version 6 update_5
Sun Jre	Version 6 update_6
Sun Jre	Version 6 update_7
Sun Jre	Version 6 update_8
Sun Jre	Version 6 update_9
Sun Sdk	Up to 1.4.2_18
Sun Sdk	Version 1.4.2_10
Sun Sdk	Version 1.4.2_11
Sun Sdk	Version 1.4.2_12
Sun Sdk	Version 1.4.2_13
Sun Sdk	Version 1.4.2_14
Sun Sdk	Version 1.4.2_15
Sun Sdk	Version 1.4.2_16
Sun Sdk	Version 1.4.2_17
Sun Sdk	Version 1.4.2_1
Sun Sdk	Version 1.4.2_2
Sun Sdk	Version 1.4.2_3
Sun Sdk	Version 1.4.2_4
Sun Sdk	Version 1.4.2_5
Sun Sdk	Version 1.4.2_6
Sun Sdk	Version 1.4.2_7
Sun Sdk	Version 1.4.2_8
Sun Sdk	Version 1.4.2_9

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (52)

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=123678756409861&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=126583436323697&w=2

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2008-1018.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2008-1025.html

Source: cve@mitre.org

http://secunia.com/advisories/32991

Source: cve@mitre.org

http://secunia.com/advisories/33015

Source: cve@mitre.org

http://secunia.com/advisories/33710

Source: cve@mitre.org

http://secunia.com/advisories/34233

Source: cve@mitre.org

http://secunia.com/advisories/34447

Source: cve@mitre.org

http://secunia.com/advisories/34605

Source: cve@mitre.org

http://secunia.com/advisories/37386

Source: cve@mitre.org

http://secunia.com/advisories/38539

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200911-02.xml

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1

Source: cve@mitre.org

PatchVendor Advisory

http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm

Source: cve@mitre.org

http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm

Source: cve@mitre.org

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2009-0016.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2009-0369.html

Source: cve@mitre.org

http://www.us-cert.gov/cas/techalerts/TA08-340A.html

Source: cve@mitre.org

US Government Resource

http://www.vupen.com/english/advisories/2008/3339

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/0672

Source: cve@mitre.org

http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6529

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=123678756409861&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=126583436323697&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2008-1018.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2008-1025.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32991

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/33015

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/33710

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34233

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34447

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34605

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/37386

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/38539

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200911-02.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2009-0016.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2009-0369.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA08-340A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2008/3339

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/0672

Source: af854a3a-2127-422b-91ae-364da2661108

http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6529

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.