← Back

CVE-2008-5355

nvd nist
Published: Dec 5, 2008Modified: Apr 23, 2026

JSON object

Loading...
10.0
Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 10.0 / Impact: 10.0
Source: NVD

Description

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.

Affected (91)

Products: Sun: Jdk, Jre, Sdk
Sun
3 products
Jdk
Jre
Sdk
Configuration A
91 vulnerable
Vulnerable SoftwareAffected Versions
Sun
Jdk
Up to 6
Jdk
Up to 5.0
Jdk
Version 5.0 update_10
Jdk
Version 5.0 update_11
Jdk
Version 5.0 update_12
Jdk
Version 5.0 update_13
Jdk
Version 5.0 update_14
Jdk
Version 5.0 update_15
Jdk
Version 5.0 update_1
Jdk
Version 5.0 update_2
Jdk
Version 5.0 update_3
Jdk
Version 5.0 update_4
Jdk
Version 5.0 update_5
Jdk
Version 5.0 update_6
Jdk
Version 5.0 update_7
Jdk
Version 5.0 update_8
Jdk
Version 5.0 update_9
Jdk
Version 6
Jdk
Version 6 update_1
Jdk
Version 6 update_2
Jdk
Version 6 update_3
Jdk
Version 6 update_4
Jdk
Version 6 update_5
Jdk
Version 6 update_6
Jdk
Version 6 update_7
Jdk
Version 6 update_8
Jdk
Version 6 update_9
Sun
Jre
Up to 1.4.2_18
Jre
Up to 6
Jre
Up to 5.0
Jre
Version 1.4.2_10
Jre
Version 1.4.2_11
Jre
Version 1.4.2_12
Jre
Version 1.4.2_13
Jre
Version 1.4.2_14
Jre
Version 1.4.2_15
Jre
Version 1.4.2_16
Jre
Version 1.4.2_17
Jre
Version 1.4.2_1
Jre
Version 1.4.2_2
Jre
Version 1.4.2_3
Jre
Version 1.4.2_4
Jre
Version 1.4.2_5
Jre
Version 1.4.2_6
Jre
Version 1.4.2_7
Jre
Version 1.4.2_8
Jre
Version 1.4.2_9
Jre
Version 5.0
Jre
Version 5.0 update_10
Jre
Version 5.0 update_11
Jre
Version 5.0 update_12
Jre
Version 5.0 update_13
Jre
Version 5.0 update_14
Jre
Version 5.0 update_15
Jre
Version 5.0 update_1
Jre
Version 5.0 update_2
Jre
Version 5.0 update_3
Jre
Version 5.0 update_4
Jre
Version 5.0 update_5
Jre
Version 5.0 update_6
Jre
Version 5.0 update_7
Jre
Version 5.0 update_8
Jre
Version 5.0 update_9
Jre
Version 6
Jre
Version 6 update_1
Jre
Version 6 update_2
Jre
Version 6 update_3
Jre
Version 6 update_4
Jre
Version 6 update_5
Jre
Version 6 update_6
Jre
Version 6 update_7
Jre
Version 6 update_8
Jre
Version 6 update_9
Sun
Sdk
Up to 1.4.2_18
Sdk
Version 1.4.2_10
Sdk
Version 1.4.2_11
Sdk
Version 1.4.2_12
Sdk
Version 1.4.2_13
Sdk
Version 1.4.2_14
Sdk
Version 1.4.2_15
Sdk
Version 1.4.2_16
Sdk
Version 1.4.2_17
Sdk
Version 1.4.2_1
Sdk
Version 1.4.2_2
Sdk
Version 1.4.2_3
Sdk
Version 1.4.2_4
Sdk
Version 1.4.2_5
Sdk
Version 1.4.2_6
Sdk
Version 1.4.2_7
Sdk
Version 1.4.2_8
Sdk
Version 1.4.2_9

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (20)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
US Government Resource
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.