Home > Vulnerability Database > CVE-2008-3111

Mend.io Vulnerability Database

CVE-2008-3111

Date: July 9, 2008

Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.

Severity Score

9.8

Related Resources (34)

Url: http://secunia.com/advisories/31320

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/43664

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541

Url: http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html

Url: http://secunia.com/advisories/37386

Url: http://secunia.com/advisories/31600

Url: http://secunia.com/advisories/32018

Url: http://www.vmware.com/security/advisories/VMSA-2008-0016.html

Url: http://secunia.com/advisories/32179

Url: http://www.vupen.com/english/advisories/2008/2056/references

Url: http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html

Url: http://support.apple.com/kb/HT3178

Url: http://support.apple.com/kb/HT3179

Url: http://secunia.com/advisories/32180

Url: http://www.vupen.com/english/advisories/2008/2740

Url: http://www.securityfocus.com/bid/30148

Url: http://www.redhat.com/support/errata/RHSA-2008-0790.html

Url: http://secunia.com/advisories/31055

Url: http://www.securityfocus.com/archive/1/494505/100/0/threaded

Url: http://secunia.com/advisories/31010

Url: http://www.securitytracker.com/id?1020452

Url: http://www.us-cert.gov/cas/techalerts/TA08-193A.html

Url: http://security.gentoo.org/glsa/glsa-200911-02.xml

Url: http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html

Url: http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html

Url: http://secunia.com/advisories/31497

Url: http://www.zerodayinitiative.com/advisories/ZDI-08-043/

Url: http://www.securityfocus.com/archive/1/497041/100/0/threaded

Url: http://secunia.com/advisories/31736

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-3111

Url: http://marc.info/?l=bugtraq&m=122331139823057&w=2

Url: http://www.redhat.com/support/errata/RHSA-2008-0595.html

Url: https://www.mend.io/vulnerability-database/CVE-2008-3111

Severity Score

9.8

Weakness Type (CWE)

Buffer Errors

CWE-119

Input Validation

CWE-20

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	10.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-3111

Date: July 9, 2008

Severity Score

Related Resources (34)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?