National Vulnerability Database (NVD) National Vulnerability Database (CVE-2008-1187)

National Cyber Awareness System

Vulnerability Summary for CVE-2008-1187

Original release date:03/06/2008

Last revised:04/07/2011

Source: US-CERT/NIST

Overview

Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:6.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA08-066A

Name: TA08-066A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA08-066A.html

External Source: CONFIRM

Name: http://www.vmware.com/security/advisories/VMSA-2008-0010.html

Type: Patch Information

Hyperlink:http://www.vmware.com/security/advisories/VMSA-2008-0010.html

External Source: SUNALERT

Name: 233322

Type: Advisory; Patch Information

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-233322-1

External Source: CONFIRM

Name: http://download.novell.com/Download?buildid=q5exhSqeBjA~

Type: Patch Information

Hyperlink:http://download.novell.com/Download?buildid=q5exhSqeBjA~

External Source: XF

Name: java-virtualmachine-multiple-priv-escalation(41025)

Hyperlink:http://xforce.iss.net/xforce/xfdb/41025

External Source: VUPEN

Name: ADV-2008-1856

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2008/1856/references

External Source: VUPEN

Name: ADV-2008-1252

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2008/1252

External Source: VUPEN

Name: ADV-2008-0770

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2008/0770/references

External Source: SECTRACK

Name: 1019548

Hyperlink:http://www.securitytracker.com/id?1019548

External Source: REDHAT

Name: RHSA-2008:0555

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0555.html

External Source: REDHAT

Name: RHSA-2008:0267

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0267.html

External Source: REDHAT

Name: RHSA-2008:0245

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0245.html

External Source: REDHAT

Name: RHSA-2008:0244

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0244.html

External Source: REDHAT

Name: RHSA-2008:0243

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0243.html

External Source: REDHAT

Name: RHSA-2008:0210

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0210.html

External Source: REDHAT

Name: RHSA-2008:0186

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0186.html

External Source: GENTOO

Name: GLSA-200806-11

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml

External Source: GENTOO

Name: GLSA-200804-20

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml

External Source: CONFIRM

Name: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html

Hyperlink:http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html

External Source: CONFIRM

Name: http://support.apple.com/kb/HT3179

Hyperlink:http://support.apple.com/kb/HT3179

External Source: CONFIRM

Name: http://support.apple.com/kb/HT3178

Hyperlink:http://support.apple.com/kb/HT3178

External Source: GENTOO

Name: GLSA-200804-28

Hyperlink:http://security.gentoo.org/glsa/glsa-200804-28.xml

External Source: SECUNIA

Name: 32018

Type: Advisory

Hyperlink:http://secunia.com/advisories/32018

External Source: SECUNIA

Name: 31586

Type: Advisory

Hyperlink:http://secunia.com/advisories/31586

External Source: SECUNIA

Name: 31580

Type: Advisory

Hyperlink:http://secunia.com/advisories/31580

External Source: SECUNIA

Name: 31497

Type: Advisory

Hyperlink:http://secunia.com/advisories/31497

External Source: SECUNIA

Name: 31067

Type: Advisory

Hyperlink:http://secunia.com/advisories/31067

External Source: SECUNIA

Name: 30780

Type: Advisory

Hyperlink:http://secunia.com/advisories/30780

External Source: SECUNIA

Name: 30676

Type: Advisory

Hyperlink:http://secunia.com/advisories/30676

External Source: SECUNIA

Name: 30003

Type: Advisory

Hyperlink:http://secunia.com/advisories/30003

External Source: SECUNIA

Name: 29999

Type: Advisory

Hyperlink:http://secunia.com/advisories/29999

External Source: SECUNIA

Name: 29897

Type: Advisory

Hyperlink:http://secunia.com/advisories/29897

External Source: SECUNIA

Name: 29858

Type: Advisory

Hyperlink:http://secunia.com/advisories/29858

External Source: SECUNIA

Name: 29841

Type: Advisory

Hyperlink:http://secunia.com/advisories/29841

External Source: SECUNIA

Name: 29582

Type: Advisory

Hyperlink:http://secunia.com/advisories/29582

External Source: SECUNIA

Name: 29498

Type: Advisory

Hyperlink:http://secunia.com/advisories/29498

External Source: SECUNIA

Name: 29273

Type: Advisory

Hyperlink:http://secunia.com/advisories/29273

External Source: SECUNIA

Name: 29239

Type: Advisory

Hyperlink:http://secunia.com/advisories/29239

External Source: OVAL

Name: oval:org.mitre.oval:def:10278

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10278

External Source: SUSE

Name: SUSE-SA:2008:025

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html

External Source: SUSE

Name: SUSE-SA:2008:018

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html

External Source: APPLE

Name: APPLE-SA-2008-09-24

Hyperlink:http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html

External Source: JVNDB

Name: JVNDB-2008-000016

Hyperlink:http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000016.html

External Source: JVN

Name: JVN#04032535

Hyperlink:http://jvn.jp/en/jp/JVN04032535/index.html

External Source: BEA

Name: BEA08-201.00

Hyperlink:http://dev2dev.bea.com/pub/advisory/277

References to Check Content

Identifier:oval:org.mitre.oval:def:10278

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10278

Vulnerable software and versions

Configuration 1

* cpe:/a:sun:jre:6

* cpe:/a:sun:jre:6:update_1

* cpe:/a:sun:jre:6:update_2

* cpe:/a:sun:jre:6:update_3

* cpe:/a:sun:jre:6:update_4 and previous versions

* cpe:/a:sun:jdk:6

* cpe:/a:sun:jdk:6:update_1

* cpe:/a:sun:jdk:6:update_2

* cpe:/a:sun:jdk:6:update_3

* cpe:/a:sun:jdk:6:update_4 and previous versions

* cpe:/a:sun:jdk:5.0:update_1

* cpe:/a:sun:jdk:5.0:update_10

* cpe:/a:sun:jdk:5.0:update_11

* cpe:/a:sun:jdk:5.0:update_12

* cpe:/a:sun:jdk:5.0:update_13

* cpe:/a:sun:jdk:5.0:update_2

* cpe:/a:sun:jdk:5.0:update_3

* cpe:/a:sun:jdk:5.0:update_4

* cpe:/a:sun:jdk:5.0:update_5

* cpe:/a:sun:jdk:5.0:update_6

* cpe:/a:sun:jdk:5.0:update_7

* cpe:/a:sun:jdk:5.0:update_8

* cpe:/a:sun:jdk:5.0:update_9

* cpe:/a:sun:jdk:5.0:update_14 and previous versions

* cpe:/a:sun:jre:5.0

* cpe:/a:sun:jre:5.0:update_1

* cpe:/a:sun:jre:5.0:update_10

* cpe:/a:sun:jre:5.0:update_11

* cpe:/a:sun:jre:5.0:update_12

* cpe:/a:sun:jre:5.0:update_13

* cpe:/a:sun:jre:5.0:update_2

* cpe:/a:sun:jre:5.0:update_8

* cpe:/a:sun:jre:5.0:update_9

* cpe:/a:sun:jre:5.0:update_6

* cpe:/a:sun:jre:5.0:update_7

* cpe:/a:sun:jre:5.0:update_4

* cpe:/a:sun:jre:5.0:update_5

* cpe:/a:sun:jre:5.0:update_3

* cpe:/a:sun:jre:5.0:update_14 and previous versions

* cpe:/a:sun:sdk:1.4.2_06

* cpe:/a:sun:sdk:1.4.2_05

* cpe:/a:sun:sdk:1.4.2

* cpe:/a:sun:sdk:1.4.2_07

* cpe:/a:sun:sdk:1.4.2_01

* cpe:/a:sun:sdk:1.4.2_08

* cpe:/a:sun:sdk:1.4.2_02

* cpe:/a:sun:sdk:1.4.2_03

* cpe:/a:sun:sdk:1.4.2_04

* cpe:/a:sun:sdk:1.4.2_09

* cpe:/a:sun:sdk:1.4.2_1

* cpe:/a:sun:sdk:1.4.2_10

* cpe:/a:sun:sdk:1.4.2_11

* cpe:/a:sun:sdk:1.4.2_12

* cpe:/a:sun:sdk:1.4.2_13

* cpe:/a:sun:sdk:1.4.2_14

* cpe:/a:sun:sdk:1.4.2_15

* cpe:/a:sun:sdk:1.4.2_16 and previous versions

* cpe:/a:sun:jre:1.4.2_01

* cpe:/a:sun:jre:1.4.2_02

* cpe:/a:sun:jre:1.4.2_03

* cpe:/a:sun:jre:1.4.2_04

* cpe:/a:sun:jre:1.4.2_05

* cpe:/a:sun:jre:1.4.2_06

* cpe:/a:sun:jre:1.4.2_07

* cpe:/a:sun:jre:1.4.2_1

* cpe:/a:sun:jre:1.4.2_10

* cpe:/a:sun:jre:1.4.2_11

* cpe:/a:sun:jre:1.4.2_12

* cpe:/a:sun:jre:1.4.2_13

* cpe:/a:sun:jre:1.4.2_14 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Permissions, Privileges, and Access Control (CWE-264)
Insufficient Information (NVD-CWE-noinfo)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1187