V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2008-2086
ANC
Critical

Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_1…

CVSS
9.3
Critical
EPSS
0.07
p93
Published
2008-01-01
Updated
2008-01-01
Description

Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892.

Tags · CWE
CWE-94
CAPEC-35
CAPEC-77
CAPEC-242
Affected products
Java-1.4.2-ibmJava-1.4.2-ibmJava-1.4.2-ibmJava-1.5.0-ibmJava-1.5.0-ibmJava-1.5.0-sunJava-1.5.0-sunJava-1.5.0-sunJava-1.6.0-ibmJava-1.6.0-ibmJava-1.6.0-sunJava-1.6.0-sunOpenjdk-6Openjdk-6Sun-java5Sun-java5Sun-java5Sun-java5
CVSS vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Timeline
2008-01-01
Published
2008-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: M
Medium
Authentication
Au: N
None (N)
Confidentiality Impact
C: C
Complete
Integrity Impact
I: C
Complete
Availability Impact
A: C
Complete
Exploit indicators
EPSS
0.073 · p93
Known exploited (KEV)
No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-35 · CWE-94
└ via CAPEC-35 · CWE-94
└ via CAPEC-35 · CWE-94
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Debian
Openjdk-6Sun-java6Sun-java5
Canonical
Openjdk-6Sun-java6Sun-java5
Red Hat
Java-1.6.0-sunJava-1.6.0-ibmJava-1.5.0-ibmJava-1.4.2-ibmJava-1.5.0-sun
Oracle
JreJdkJava SeOpenjdk
Sun
JreJdkJava SeJavaOpenjdkSdk
ProductVendorStatus
Tracked
Tracked
java-1.4.2-ibmTracked
java-1.4.2-ibmTracked
java-1.4.2-ibmTracked
java-1.5.0-ibmTracked
java-1.5.0-ibmTracked
java-1.5.0-sunTracked
java-1.5.0-sunTracked
java-1.5.0-sunTracked
java-1.6.0-ibmTracked
java-1.6.0-ibmTracked
java-1.6.0-sunTracked
java-1.6.0-sunTracked
openjdk-6Tracked
openjdk-6Tracked
sun-java5Tracked
sun-java5Tracked
sun-java5Tracked
sun-java5Tracked
Showing first 20 of 26
Source databases
ANC
DEB
CVE
RED
UBU