Vulnerability Details CVE-2008-3115
Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.283
EPSS Ranking 96.3%
CVSS Severity
CVSS v2 Score 7.5
References
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
- http://marc.info/?l=bugtraq&m=122331139823057&w=2
- http://secunia.com/advisories/31010
- http://secunia.com/advisories/31600
- http://secunia.com/advisories/32018
- http://secunia.com/advisories/32179
- http://secunia.com/advisories/32180
- http://secunia.com/advisories/37386
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-238966-1
- http://support.apple.com/kb/HT3178
- http://support.apple.com/kb/HT3179
- http://www.securityfocus.com/archive/1/497041/100/0/threaded
- http://www.securityfocus.com/bid/30142
- http://www.securitytracker.com/id?1020460
- http://www.us-cert.gov/cas/techalerts/TA08-193A.html
- http://www.vmware.com/security/advisories/VMSA-2008-0016.html
- http://www.vupen.com/english/advisories/2008/2056/references
- http://www.vupen.com/english/advisories/2008/2740
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43665
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
- http://marc.info/?l=bugtraq&m=122331139823057&w=2
- http://secunia.com/advisories/31010
- http://secunia.com/advisories/31600
- http://secunia.com/advisories/32018
- http://secunia.com/advisories/32179
- http://secunia.com/advisories/32180
- http://secunia.com/advisories/37386
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-238966-1
- http://support.apple.com/kb/HT3178
- http://support.apple.com/kb/HT3179
- http://www.securityfocus.com/archive/1/497041/100/0/threaded
- http://www.securityfocus.com/bid/30142
- http://www.securitytracker.com/id?1020460
- http://www.us-cert.gov/cas/techalerts/TA08-193A.html
- http://www.vmware.com/security/advisories/VMSA-2008-0016.html
- http://www.vupen.com/english/advisories/2008/2056/references
- http://www.vupen.com/english/advisories/2008/2740
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43665
Products affected by CVE-2008-3115
-
cpe:2.3:a:sun:jdk:1.6.0
-
cpe:2.3:a:sun:jdk:5.0
-
cpe:2.3:a:sun:jdk:6
-
cpe:2.3:a:sun:jre:1.6.0
-
cpe:2.3:a:sun:jre:5.0
-
cpe:2.3:a:sun:jre:6