CVE-2008-5342

Published: Dec 5, 2008Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668.

Affected (91)

Products: Sun: Jdk, Jre, Sdk

3 products

Configuration A

91 vulnerable

Vulnerable Software	Affected Versions
Sun Jdk	Up to 6
Sun Jdk	Up to 5.0
Sun Jdk	Version 5.0 update_10
Sun Jdk	Version 5.0 update_11
Sun Jdk	Version 5.0 update_12
Sun Jdk	Version 5.0 update_13
Sun Jdk	Version 5.0 update_14
Sun Jdk	Version 5.0 update_15
Sun Jdk	Version 5.0 update_1
Sun Jdk	Version 5.0 update_2
Sun Jdk	Version 5.0 update_3
Sun Jdk	Version 5.0 update_4
Sun Jdk	Version 5.0 update_5
Sun Jdk	Version 5.0 update_6
Sun Jdk	Version 5.0 update_7
Sun Jdk	Version 5.0 update_8
Sun Jdk	Version 5.0 update_9
Sun Jdk	Version 6
Sun Jdk	Version 6 update_1
Sun Jdk	Version 6 update_2
Sun Jdk	Version 6 update_3
Sun Jdk	Version 6 update_4
Sun Jdk	Version 6 update_5
Sun Jdk	Version 6 update_6
Sun Jdk	Version 6 update_7
Sun Jdk	Version 6 update_8
Sun Jdk	Version 6 update_9
Sun Jre	Up to 1.4.2_18
Sun Jre	Up to 6
Sun Jre	Up to 5.0
Sun Jre	Version 1.4.2_10
Sun Jre	Version 1.4.2_11
Sun Jre	Version 1.4.2_12
Sun Jre	Version 1.4.2_13
Sun Jre	Version 1.4.2_14
Sun Jre	Version 1.4.2_15
Sun Jre	Version 1.4.2_16
Sun Jre	Version 1.4.2_17
Sun Jre	Version 1.4.2_1
Sun Jre	Version 1.4.2_2
Sun Jre	Version 1.4.2_3
Sun Jre	Version 1.4.2_4
Sun Jre	Version 1.4.2_5
Sun Jre	Version 1.4.2_6
Sun Jre	Version 1.4.2_7
Sun Jre	Version 1.4.2_8
Sun Jre	Version 1.4.2_9
Sun Jre	Version 5.0
Sun Jre	Version 5.0 update_10
Sun Jre	Version 5.0 update_11
Sun Jre	Version 5.0 update_12
Sun Jre	Version 5.0 update_13
Sun Jre	Version 5.0 update_14
Sun Jre	Version 5.0 update_15
Sun Jre	Version 5.0 update_1
Sun Jre	Version 5.0 update_2
Sun Jre	Version 5.0 update_3
Sun Jre	Version 5.0 update_4
Sun Jre	Version 5.0 update_5
Sun Jre	Version 5.0 update_6
Sun Jre	Version 5.0 update_7
Sun Jre	Version 5.0 update_8
Sun Jre	Version 5.0 update_9
Sun Jre	Version 6
Sun Jre	Version 6 update_1
Sun Jre	Version 6 update_2
Sun Jre	Version 6 update_3
Sun Jre	Version 6 update_4
Sun Jre	Version 6 update_5
Sun Jre	Version 6 update_6
Sun Jre	Version 6 update_7
Sun Jre	Version 6 update_8
Sun Jre	Version 6 update_9
Sun Sdk	Up to 1.4.2_18
Sun Sdk	Version 1.4.2_10
Sun Sdk	Version 1.4.2_11
Sun Sdk	Version 1.4.2_12
Sun Sdk	Version 1.4.2_13
Sun Sdk	Version 1.4.2_14
Sun Sdk	Version 1.4.2_15
Sun Sdk	Version 1.4.2_16
Sun Sdk	Version 1.4.2_17
Sun Sdk	Version 1.4.2_1
Sun Sdk	Version 1.4.2_2
Sun Sdk	Version 1.4.2_3
Sun Sdk	Version 1.4.2_4
Sun Sdk	Version 1.4.2_5
Sun Sdk	Version 1.4.2_6
Sun Sdk	Version 1.4.2_7
Sun Sdk	Version 1.4.2_8
Sun Sdk	Version 1.4.2_9

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (66)

http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=123678756409861&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=126583436323697&w=2

Source: cve@mitre.org

http://osvdb.org/50514

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2008-1018.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2008-1025.html

Source: cve@mitre.org

http://secunia.com/advisories/32991

Source: cve@mitre.org

http://secunia.com/advisories/33015

Source: cve@mitre.org

http://secunia.com/advisories/33710

Source: cve@mitre.org

http://secunia.com/advisories/34233

Source: cve@mitre.org

http://secunia.com/advisories/34447

Source: cve@mitre.org

http://secunia.com/advisories/34605

Source: cve@mitre.org

http://secunia.com/advisories/34889

Source: cve@mitre.org

http://secunia.com/advisories/35065

Source: cve@mitre.org

http://secunia.com/advisories/37386

Source: cve@mitre.org

http://secunia.com/advisories/38539

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200911-02.xml

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1

Source: cve@mitre.org

PatchVendor Advisory

http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm

Source: cve@mitre.org

http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm

Source: cve@mitre.org

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2009-0016.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2009-0369.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2009-0445.html

Source: cve@mitre.org

http://www.us-cert.gov/cas/techalerts/TA08-340A.html

Source: cve@mitre.org

US Government Resource

http://www.vupen.com/english/advisories/2008/3339

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/0424

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/0672

Source: cve@mitre.org

http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6359

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html