Vulnerability-Lookup

CVE-2008-1192 (GCVE-0-2008-1192)

Vulnerability from cvelistv5 – Published: 2008-03-06 21:00 – Updated: 2024-08-07 08:08

Summary

Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

32 references

URL	Tags
http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://secunia.com/advisories/30676	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/29841	third-party-advisoryx_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-02…	vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://secunia.com/advisories/32018	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/29897	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/29498	third-party-advisoryx_refsource_SECUNIA
http://dev2dev.bea.com/pub/advisory/277	vendor-advisoryx_refsource_BEA
http://security.gentoo.org/glsa/glsa-200804-28.xml	vendor-advisoryx_refsource_GENTOO
http://secunia.com/advisories/29239	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/29858	third-party-advisoryx_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA08-066A.html	third-party-advisoryx_refsource_CERT
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://support.apple.com/kb/HT3178	x_refsource_CONFIRM
http://secunia.com/advisories/29582	third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/1252	vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/0770…	vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/31497	third-party-advisoryx_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-02…	vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/30780	third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1019550	vdb-entryx_refsource_SECTRACK
http://www.vupen.com/english/advisories/2008/1856…	vdb-entryx_refsource_VUPEN
http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
http://www.gentoo.org/security/en/glsa/glsa-20080…	vendor-advisoryx_refsource_GENTOO
http://www.gentoo.org/security/en/glsa/glsa-20080…	vendor-advisoryx_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2008-01…	vendor-advisoryx_refsource_REDHAT
http://support.apple.com/kb/HT3179	x_refsource_CONFIRM
http://secunia.com/advisories/29273	third-party-advisoryx_refsource_SECUNIA

Date Public

2008-03-04 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:08:57.705Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "233324",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233324-1"
          },
          {
            "name": "APPLE-SA-2008-09-24",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html"
          },
          {
            "name": "30676",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30676"
          },
          {
            "name": "29841",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29841"
          },
          {
            "name": "RHSA-2008:0267",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html"
          },
          {
            "name": "SUSE-SA:2008:018",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11813",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11813"
          },
          {
            "name": "java-plugin-unspecified-security-bypass(41031)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41031"
          },
          {
            "name": "32018",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32018"
          },
          {
            "name": "29897",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29897"
          },
          {
            "name": "29498",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29498"
          },
          {
            "name": "BEA08-201.00",
            "tags": [
              "vendor-advisory",
              "x_refsource_BEA",
              "x_transferred"
            ],
            "url": "http://dev2dev.bea.com/pub/advisory/277"
          },
          {
            "name": "GLSA-200804-28",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
          },
          {
            "name": "29239",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29239"
          },
          {
            "name": "29858",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29858"
          },
          {
            "name": "TA08-066A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html"
          },
          {
            "name": "SUSE-SA:2008:025",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3178"
          },
          {
            "name": "29582",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29582"
          },
          {
            "name": "ADV-2008-1252",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1252"
          },
          {
            "name": "ADV-2008-0770",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0770/references"
          },
          {
            "name": "31497",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31497"
          },
          {
            "name": "RHSA-2008:0210",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html"
          },
          {
            "name": "30780",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30780"
          },
          {
            "name": "1019550",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019550"
          },
          {
            "name": "ADV-2008-1856",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1856/references"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
          },
          {
            "name": "GLSA-200804-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
          },
          {
            "name": "GLSA-200806-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
          },
          {
            "name": "RHSA-2008:0186",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3179"
          },
          {
            "name": "29273",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29273"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and \"execute local applications\" via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "233324",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233324-1"
        },
        {
          "name": "APPLE-SA-2008-09-24",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html"
        },
        {
          "name": "30676",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30676"
        },
        {
          "name": "29841",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29841"
        },
        {
          "name": "RHSA-2008:0267",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html"
        },
        {
          "name": "SUSE-SA:2008:018",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html"
        },
        {
          "name": "oval:org.mitre.oval:def:11813",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11813"
        },
        {
          "name": "java-plugin-unspecified-security-bypass(41031)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41031"
        },
        {
          "name": "32018",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32018"
        },
        {
          "name": "29897",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29897"
        },
        {
          "name": "29498",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29498"
        },
        {
          "name": "BEA08-201.00",
          "tags": [
            "vendor-advisory",
            "x_refsource_BEA"
          ],
          "url": "http://dev2dev.bea.com/pub/advisory/277"
        },
        {
          "name": "GLSA-200804-28",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
        },
        {
          "name": "29239",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29239"
        },
        {
          "name": "29858",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29858"
        },
        {
          "name": "TA08-066A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html"
        },
        {
          "name": "SUSE-SA:2008:025",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3178"
        },
        {
          "name": "29582",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29582"
        },
        {
          "name": "ADV-2008-1252",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1252"
        },
        {
          "name": "ADV-2008-0770",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0770/references"
        },
        {
          "name": "31497",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31497"
        },
        {
          "name": "RHSA-2008:0210",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html"
        },
        {
          "name": "30780",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30780"
        },
        {
          "name": "1019550",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019550"
        },
        {
          "name": "ADV-2008-1856",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1856/references"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
        },
        {
          "name": "GLSA-200804-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
        },
        {
          "name": "GLSA-200806-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
        },
        {
          "name": "RHSA-2008:0186",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3179"
        },
        {
          "name": "29273",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29273"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1192",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and \"execute local applications\" via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "233324",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233324-1"
            },
            {
              "name": "APPLE-SA-2008-09-24",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html"
            },
            {
              "name": "30676",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30676"
            },
            {
              "name": "29841",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29841"
            },
            {
              "name": "RHSA-2008:0267",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html"
            },
            {
              "name": "SUSE-SA:2008:018",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html"
            },
            {
              "name": "oval:org.mitre.oval:def:11813",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11813"
            },
            {
              "name": "java-plugin-unspecified-security-bypass(41031)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41031"
            },
            {
              "name": "32018",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32018"
            },
            {
              "name": "29897",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29897"
            },
            {
              "name": "29498",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29498"
            },
            {
              "name": "BEA08-201.00",
              "refsource": "BEA",
              "url": "http://dev2dev.bea.com/pub/advisory/277"
            },
            {
              "name": "GLSA-200804-28",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
            },
            {
              "name": "29239",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29239"
            },
            {
              "name": "29858",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29858"
            },
            {
              "name": "TA08-066A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html"
            },
            {
              "name": "SUSE-SA:2008:025",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3178",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3178"
            },
            {
              "name": "29582",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29582"
            },
            {
              "name": "ADV-2008-1252",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1252"
            },
            {
              "name": "ADV-2008-0770",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0770/references"
            },
            {
              "name": "31497",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31497"
            },
            {
              "name": "RHSA-2008:0210",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html"
            },
            {
              "name": "30780",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30780"
            },
            {
              "name": "1019550",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019550"
            },
            {
              "name": "ADV-2008-1856",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1856/references"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
            },
            {
              "name": "GLSA-200804-20",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
            },
            {
              "name": "GLSA-200806-11",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
            },
            {
              "name": "RHSA-2008:0186",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3179",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3179"
            },
            {
              "name": "29273",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29273"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1192",
    "datePublished": "2008-03-06T21:00:00.000Z",
    "dateReserved": "2008-03-06T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:08:57.705Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2008-1192",
      "date": "2026-05-29",
      "epss": "0.13804",
      "percentile": "0.94401"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-1192\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-03-06T21:44:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and \\\"execute local applications\\\" via unknown vectors.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad no especificada en el Plug-in de Java para Sun JDK y JRE versi\u00f3n 6 Update 4 y anteriores, y versi\u00f3n 5.0 Update 14 y anteriores; y SDK y JRE versi\u00f3n 1.4.2_16 y anteriores, y versi\u00f3n 1.3.1_21 y anteriores; permite a atacantes remotos omitir la pol\u00edtica del mismo origen y \\\"execute local applications\\\" por medio de  vectores desconocidos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-254\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D57BC929-6C98-4F36-B31B-6B946F986D41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE8E883F-E13D-4FB0-8C6F-B7628600E8D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AADA633-EB11-49A0-8E40-66589034F03E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*\",\"matchCriteriaId\":\"19DC29C5-1B9F-46DF-ACF6-3FF93E45777D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*\",\"matchCriteriaId\":\"B120F7D9-7C1E-4716-B2FA-2990D449F754\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD61E49F-2A46-4107-BB3F-527079983306\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*\",\"matchCriteriaId\":\"D900AAE0-6032-4096-AFC2-3D43C55C6C83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"28BE548B-DD0C-4C58-98CA-5B803F04F9EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F8E9AA0-8907-4B1A-86A1-08568195217D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A337AD31-4566-4A4E-AFF3-7EAECD5C90F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"0754AFDC-2F1C-4C06-AB46-457B5E610029\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*\",\"matchCriteriaId\":\"532CF9DD-0EBB-4B3B-BB9C-A8D78947A790\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC0ABF7A-107B-4B97-9BD7-7B0CEDAAF359\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5DA4242-30D9-44C8-9D0D-877348FFA22B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*\",\"matchCriteriaId\":\"C61C6043-99D0-4F36-AF84-1A5F90B895EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"C94CEFBC-250D-472E-9A5B-E9E054C967C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"D98175BF-B084-4FA5-899D-9E80DC3923EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"820632CE-F8DF-47EE-B716-7530E60008B7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"399B06AC-E101-48EE-A362-D75F7072FF5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0875E34D-8544-49B9-BAD9-8191CC103A07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62E772B9-8E41-476F-81F5-87B41F1827A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CE78463-2CE8-43C6-BB06-AA40C72B1A4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31A04480-92DF-49AD-9B36-7F1FCB29DE90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2FD0B72-683D-4FF6-BCF5-5DE85BF3064B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F78CD4B5-4B1D-4128-8AEA-2F967C38C6C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62CAA3E7-9D65-48F3-ACF7-9D705D94DE54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"477C310B-50AD-4D40-8EDB-4A80F0BF321D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60A1F526-6B28-47A3-8D2C-06CA067E9164\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17F09D9E-B04B-477E-86E6-E1B1F9650973\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F929C59-9602-4962-95B4-4165D66E5935\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8B76949-9282-44D0-8075-74E482CE9A82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9B072DD-FC4F-4E07-9837-0E16017CA4AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"969BE4EC-4D13-4B74-8137-FA0F83F0FDC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86408019-1B53-4AA8-9F05-47EBD0466EE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F47561-F59C-4904-8E05-D8A9629405A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB067445-8EA5-460F-B625-C21251E5A8D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4C075BC-607E-47A1-A32D-B912D2FA03BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"007175B8-48DB-46BE-B971-FB57B6A33723\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5E6F92A-FC59-4CE7-B7F8-94CBF3DC8F21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63978872-E797-4F13-B0F9-98CB67D0962A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EEAB662-644A-4D7B-8237-64142CF48724\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9598A49-95F2-42DB-B92C-CD026F739B83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BED1009E-AE60-43A0-A0F5-38526EFCF423\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D011585C-0E62-4233-85FA-F29A07D68DA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F226D898-F0E8-41D8-BF40-54DE9FB5426D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CB9CCD1-A67D-4800-9EC5-6E1A0B0B76E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE28C283-447A-4F83-B96B-69F96E663C1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D102063B-2434-4141-98E7-2DE501AE1728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03B8CD03-CD31-4F4D-BA90-59435578A4F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41A994BF-1F64-480A-8AA5-748DDD0AB68C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88519F2D-AD06-4F05-BEDA-A09216F1B481\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC728978-368D-4B36-B149-70473E92BD1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD5187B1-CB86-48E8-A595-9FCFD9822C0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C660DE4-543A-4E9B-825D-CD099D08CBD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98C1942E-16C0-4EB2-AB57-43EC6EC9C3A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"318719C9-7B01-4021-B2EF-8341254DFE6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F0AD0F9-E797-4E16-95F3-C1AFDA557D78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7FC09E8-7F30-4FE4-912E-588AA250E2A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*\",\"matchCriteriaId\":\"A586DE4E-8A46-41DE-9FDB-5FDB81DCC87B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*\",\"matchCriteriaId\":\"9919D091-73D7-465A-80FF-F37D6CAF9F46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*\",\"matchCriteriaId\":\"02565D6F-4CB2-4671-A4EF-3169BCFA6154\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*\",\"matchCriteriaId\":\"452A3E51-9EAC-451D-BA04-A1E7B7D917EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E8C6AAC-C90B-4220-A69B-2A886A35CF5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EA5B9E9-654D-44F7-AE98-3D8B382804AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"44051CFE-D15D-4416-A123-F3E49C67A9E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"F296ACF3-1373-429D-B991-8B5BA704A7EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"B863420B-DE16-416A-9640-1A1340A9B855\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*\",\"matchCriteriaId\":\"724C972F-74FE-4044-BBC4-7E0E61FC9002\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*\",\"matchCriteriaId\":\"46F41C15-0EF4-4115-BFAA-EEAD56FAEEDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBE909DE-E55A-4BD3-A5BF-ADE407432193\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DAC04D2-68FD-4793-A8E7-4690A543D7D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AF0780E-830E-4971-8F79-8FCF5D2EBC20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"09027C19-D442-446F-B7A8-21DB6787CF43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7158D2C0-E9AC-4CD6-B777-EA7B7A181997\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"90EC6C13-4B37-48E5-8199-A702A944D5A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"2528152C-E20A-4D97-931C-A5EC3CEAA06D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"167D85F7-0D94-49CC-8A5E-F5FAB00ADFBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34710306-D6CF-4D07-84BF-71A8839BE416\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44B93DC8-6375-4B41-B9BC-F22F592C56B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87BF46A9-8E4A-4583-B35F-052FD481DF66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32B351BB-6CA6-4CEF-9F5D-ED47774FC676\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDA40FCD-1D34-4C47-908F-697433236153\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00639A84-BD03-4BD9-A655-F806693DBC8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14824B23-FF9F-4D6D-9D02-12B79BE346A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6493744C-A69D-4377-937E-85E7F5535EA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C09019B1-B873-41CE-951E-4777F324729C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC4209A0-E73F-4B5A-9925-B5D20F879455\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"297DF5AD-FC22-432B-AE6A-2B1E6CFE1BE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFB8516D-03C4-478D-AFE2-824867FDC739\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F82AED17-FEC3-47D0-A395-26ACD07FBE52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9630BC7B-9039-4FA6-86F8-5274783F3EB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1A6A15C-216A-42B1-84EF-B3D9A313D4A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC39C819-9439-4029-8377-F6D58B3DFDFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A053DEF6-1317-4DA8-91D7-E1970DA62351\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0DBFDD8-40AE-44F2-8F02-FB7A4FAE5235\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB0605FF-3DDC-4F3A-8171-F3A447E9C292\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"801FF3B4-0729-4710-BFC2-4B078029944F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EB8591E-3D6E-489B-B0D6-CEBB9D09EA68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A411676-6666-4B54-A008-443B9B42F670\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"002CA86D-3090-4C7A-947A-21CB5D1ADD98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F6453C9-7EE0-4FFB-861D-C2D9416DCABA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89BF16DE-EEAB-4DA5-BFF1-7A0A58DE141F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DDE253E-C8B6-4C1D-AECE-ABEA1A67306B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A56D9A60-F272-4D4C-A9DD-C93DAF783585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF109CAA-E8D2-4BD7-BE7C-AF8B2A78672E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"976F4ACB-3725-45B7-B2EF-DEE4B88254E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52BDD6A8-1611-4C3C-865D-6EDB5B9F8D88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A1F28FF-652A-4C89-9AC6-5E212F890811\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96A8C351-E9CD-431B-8B9D-712CA54C7213\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36888382-79C8-4C97-A654-C668CD68556F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F34C99E6-F9F0-4EF3-8601-B47EAE3D7273\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A74DD08D-CEDB-460E-BED5-78F6CAF18BF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E60560EC-6DBD-4A17-BFFA-FAD9193A0BC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4F64FBC-DC97-4FE3-A235-18B87945AF7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85048406-9051-4E69-94A8-5C449F3B89E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1C88DD7-0B46-4405-BD35-60D27E2DBA14\"}]}]}],\"references\":[{\"url\":\"http://dev2dev.bea.com/pub/advisory/277\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/29239\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/29273\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/29498\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/29582\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/29841\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/29858\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/29897\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/30676\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/30780\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/31497\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/32018\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200804-28.xml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-233324-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3178\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3179\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0186.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0210.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0267.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securitytracker.com/id?1019550\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-066A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2008-0010.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0770/references\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1252\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1856/references\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41031\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11813\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://dev2dev.bea.com/pub/advisory/277\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/29239\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/29273\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/29498\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/29582\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/29841\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/29858\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/29897\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/30676\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/30780\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/31497\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/32018\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200804-28.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-233324-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3178\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3179\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0186.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0210.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0267.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securitytracker.com/id?1019550\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-066A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2008-0010.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/0770/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1252\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1856/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41031\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11813\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

RHSA-2008:0638

Vulnerability from csaf_redhat - Published: 2008-08-13 14:19 - Updated: 2025-11-21 17:33

Summary

Red Hat Security Advisory: Red Hat Network Satellite Server IBM Java Runtime security update

Severity

Low

Notes

Topic: Red Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in the Red Hat Network Satellite Server IBM Java Runtime Environment for IBM S/390 and IBM System z architectures. This update has been rated as having low security impact by the Red Hat Security Response Team.

Details: This release corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.1 for IBM S/390 and IBM System z architectures. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Multiple flaws were fixed in the IBM Java 1.5.0 Runtime Environment. (CVE-2008-0657, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196, CVE-2008-3104, CVE-2008-3106, CVE-2008-3108, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114) Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to 5.1.1, which resolves these issues.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2008-0657

Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix

Threats

Impact Important

CVE-2008-1187

Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix

Threats

Impact Critical

CVE-2008-1188

Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix

Threats

Impact Critical

CVE-2008-1189

Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue.

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix

Threats

Impact Critical

CVE-2008-1190

Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue.

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix

Threats

Impact Critical

CVE-2008-1192

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix

Threats

Impact Critical

CVE-2008-1193

Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix

Threats

Impact Critical

CVE-2008-1194

Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors.

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix

Threats

Impact Critical

CVE-2008-1195

Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix

Threats

Impact Critical

CVE-2008-1196

Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file.

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix

Threats

Impact Critical

CVE-2008-3104

Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet.

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix

Threats

Impact Critical

CVE-2008-3106

Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105.

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2008-3108

Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing.

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix

Threats

Impact Critical

CVE-2008-3111

Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix

Threats

Impact Critical

CVE-2008-3112

Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix

Threats

Impact Critical

CVE-2008-3113

Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077.

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix

Threats

Impact Critical

CVE-2008-3114

Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074.

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390	—	Vendor Fix fix
Unresolved product id: 4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x	—	Vendor Fix fix

Threats

Impact Moderate

References

82 references

URL	Category
https://access.redhat.com/errata/RHSA-2008:0638	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=436030	external
https://bugzilla.redhat.com/show_bug.cgi?id=436302	external
https://bugzilla.redhat.com/show_bug.cgi?id=431861	external
https://bugzilla.redhat.com/show_bug.cgi?id=436293	external
https://bugzilla.redhat.com/show_bug.cgi?id=436295	external
https://bugzilla.redhat.com/show_bug.cgi?id=436296	external
https://bugzilla.redhat.com/show_bug.cgi?id=436299	external
https://bugzilla.redhat.com/show_bug.cgi?id=452649	external
https://bugzilla.redhat.com/show_bug.cgi?id=454601	external
https://bugzilla.redhat.com/show_bug.cgi?id=454604	external
https://bugzilla.redhat.com/show_bug.cgi?id=454605	external
https://bugzilla.redhat.com/show_bug.cgi?id=454606	external
https://bugzilla.redhat.com/show_bug.cgi?id=454607	external
https://bugzilla.redhat.com/show_bug.cgi?id=454608	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2008-0657	self
https://bugzilla.redhat.com/show_bug.cgi?id=431861	external
https://www.cve.org/CVERecord?id=CVE-2008-0657	external
https://nvd.nist.gov/vuln/detail/CVE-2008-0657	external
https://access.redhat.com/security/cve/CVE-2008-1187	self
https://bugzilla.redhat.com/show_bug.cgi?id=436030	external
https://www.cve.org/CVERecord?id=CVE-2008-1187	external
https://nvd.nist.gov/vuln/detail/CVE-2008-1187	external
https://access.redhat.com/security/cve/CVE-2008-1188	self
https://bugzilla.redhat.com/show_bug.cgi?id=436293	external
https://www.cve.org/CVERecord?id=CVE-2008-1188	external
https://nvd.nist.gov/vuln/detail/CVE-2008-1188	external
https://access.redhat.com/security/cve/CVE-2008-1189	self
https://www.cve.org/CVERecord?id=CVE-2008-1189	external
https://nvd.nist.gov/vuln/detail/CVE-2008-1189	external
https://access.redhat.com/security/cve/CVE-2008-1190	self
https://www.cve.org/CVERecord?id=CVE-2008-1190	external
https://nvd.nist.gov/vuln/detail/CVE-2008-1190	external
https://access.redhat.com/security/cve/CVE-2008-1192	self
https://bugzilla.redhat.com/show_bug.cgi?id=436295	external
https://www.cve.org/CVERecord?id=CVE-2008-1192	external
https://nvd.nist.gov/vuln/detail/CVE-2008-1192	external
https://access.redhat.com/security/cve/CVE-2008-1193	self
https://bugzilla.redhat.com/show_bug.cgi?id=436296	external
https://www.cve.org/CVERecord?id=CVE-2008-1193	external
https://nvd.nist.gov/vuln/detail/CVE-2008-1193	external
https://access.redhat.com/security/cve/CVE-2008-1194	self
https://www.cve.org/CVERecord?id=CVE-2008-1194	external
https://nvd.nist.gov/vuln/detail/CVE-2008-1194	external
https://access.redhat.com/security/cve/CVE-2008-1195	self
https://bugzilla.redhat.com/show_bug.cgi?id=436299	external
https://www.cve.org/CVERecord?id=CVE-2008-1195	external
https://nvd.nist.gov/vuln/detail/CVE-2008-1195	external
https://access.redhat.com/security/cve/CVE-2008-1196	self
https://bugzilla.redhat.com/show_bug.cgi?id=436302	external
https://www.cve.org/CVERecord?id=CVE-2008-1196	external
https://nvd.nist.gov/vuln/detail/CVE-2008-1196	external
https://access.redhat.com/security/cve/CVE-2008-3104	self
https://bugzilla.redhat.com/show_bug.cgi?id=454601	external
https://www.cve.org/CVERecord?id=CVE-2008-3104	external
https://nvd.nist.gov/vuln/detail/CVE-2008-3104	external
https://access.redhat.com/security/cve/CVE-2008-3106	self
https://bugzilla.redhat.com/show_bug.cgi?id=1618330	external
https://www.cve.org/CVERecord?id=CVE-2008-3106	external
https://nvd.nist.gov/vuln/detail/CVE-2008-3106	external
https://access.redhat.com/security/cve/CVE-2008-3108	self
https://bugzilla.redhat.com/show_bug.cgi?id=454604	external
https://www.cve.org/CVERecord?id=CVE-2008-3108	external
https://nvd.nist.gov/vuln/detail/CVE-2008-3108	external
https://access.redhat.com/security/cve/CVE-2008-3111	self
https://bugzilla.redhat.com/show_bug.cgi?id=454605	external
https://www.cve.org/CVERecord?id=CVE-2008-3111	external
https://nvd.nist.gov/vuln/detail/CVE-2008-3111	external
https://access.redhat.com/security/cve/CVE-2008-3112	self
https://bugzilla.redhat.com/show_bug.cgi?id=454606	external
https://www.cve.org/CVERecord?id=CVE-2008-3112	external
https://nvd.nist.gov/vuln/detail/CVE-2008-3112	external
https://access.redhat.com/security/cve/CVE-2008-3113	self
https://bugzilla.redhat.com/show_bug.cgi?id=454607	external
https://www.cve.org/CVERecord?id=CVE-2008-3113	external
https://nvd.nist.gov/vuln/detail/CVE-2008-3113	external
https://access.redhat.com/security/cve/CVE-2008-3114	self
https://bugzilla.redhat.com/show_bug.cgi?id=454608	external
https://www.cve.org/CVERecord?id=CVE-2008-3114	external
https://nvd.nist.gov/vuln/detail/CVE-2008-3114	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat Network Satellite Server version 5.1.1 is now available. This\nupdate includes fixes for a number of security issues in the Red Hat\nNetwork Satellite Server IBM Java Runtime Environment for IBM S/390 and IBM\nSystem z architectures.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This release corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite Server 5.1\nfor IBM S/390 and IBM System z architectures. In a typical operating\nenvironment, these are of low security risk as the runtime is not used on\nuntrusted applets.\n\nMultiple flaws were fixed in the IBM Java 1.5.0 Runtime Environment.\n(CVE-2008-0657, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190,\nCVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196,\nCVE-2008-3104, CVE-2008-3106, CVE-2008-3108, CVE-2008-3111, CVE-2008-3112,\nCVE-2008-3113, CVE-2008-3114)\n\nUsers of Red Hat Network Satellite Server 5.1 are advised to upgrade to\n5.1.1, which resolves these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0638",
        "url": "https://access.redhat.com/errata/RHSA-2008:0638"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "436030",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436030"
      },
      {
        "category": "external",
        "summary": "436302",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436302"
      },
      {
        "category": "external",
        "summary": "431861",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431861"
      },
      {
        "category": "external",
        "summary": "436293",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436293"
      },
      {
        "category": "external",
        "summary": "436295",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436295"
      },
      {
        "category": "external",
        "summary": "436296",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296"
      },
      {
        "category": "external",
        "summary": "436299",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436299"
      },
      {
        "category": "external",
        "summary": "452649",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452649"
      },
      {
        "category": "external",
        "summary": "454601",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454601"
      },
      {
        "category": "external",
        "summary": "454604",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454604"
      },
      {
        "category": "external",
        "summary": "454605",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454605"
      },
      {
        "category": "external",
        "summary": "454606",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454606"
      },
      {
        "category": "external",
        "summary": "454607",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454607"
      },
      {
        "category": "external",
        "summary": "454608",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454608"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0638.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Network Satellite Server IBM Java Runtime security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:33:39+00:00",
      "generator": {
        "date": "2025-11-21T17:33:39+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2008:0638",
      "initial_release_date": "2008-08-13T14:19:00+00:00",
      "revision_history": [
        {
          "date": "2008-08-13T14:19:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-08-13T10:19:37+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:33:39+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Satellite 5.1 (RHEL v.4 AS)",
                "product": {
                  "name": "Red Hat Satellite 5.1 (RHEL v.4 AS)",
                  "product_id": "4AS-RHNSAT5.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:5.1::el4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Satellite"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x",
                "product": {
                  "name": "java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x",
                  "product_id": "java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.5.0-ibm-devel@1.5.0.8-1jpp.1.el4?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
                "product": {
                  "name": "java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
                  "product_id": "java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.5.0-ibm@1.5.0.8-1jpp.1.el4?arch=s390x\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
                "product": {
                  "name": "java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
                  "product_id": "java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.5.0-ibm-devel@1.5.0.8-1jpp.1.el4?arch=s390\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
                "product": {
                  "name": "java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
                  "product_id": "java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.5.0-ibm@1.5.0.8-1jpp.1.el4?arch=s390\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390"
        },
        "product_reference": "java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x"
        },
        "product_reference": "java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390 as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390"
        },
        "product_reference": "java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
        },
        "product_reference": "java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-0657",
      "discovery_date": "2008-02-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "431861"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "java-1.5.0 Privilege escalation via unstrusted applet and application",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0657"
        },
        {
          "category": "external",
          "summary": "RHBZ#431861",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431861"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0657",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0657"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0657",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0657"
        }
      ],
      "release_date": "2008-02-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:19:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0638"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "java-1.5.0 Privilege escalation via unstrusted applet and application"
    },
    {
      "cve": "CVE-2008-1187",
      "discovery_date": "2008-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "436030"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Untrusted applet and application XSLT processing privilege escalation",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1187"
        },
        {
          "category": "external",
          "summary": "RHBZ#436030",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436030"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1187",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1187"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1187",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1187"
        }
      ],
      "release_date": "2008-03-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:19:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0638"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Untrusted applet and application XSLT processing privilege escalation"
    },
    {
      "cve": "CVE-2008-1188",
      "discovery_date": "2008-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "436293"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka \"The first two issues.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1188"
        },
        {
          "category": "external",
          "summary": "RHBZ#436293",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436293"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1188",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1188"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1188",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1188"
        }
      ],
      "release_date": "2008-03-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:19:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0638"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)"
    },
    {
      "cve": "CVE-2008-1189",
      "discovery_date": "2008-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "436293"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the \"third\" issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1189"
        },
        {
          "category": "external",
          "summary": "RHBZ#436293",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436293"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1189",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1189"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1189",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1189"
        }
      ],
      "release_date": "2008-03-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:19:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0638"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)"
    },
    {
      "cve": "CVE-2008-1190",
      "discovery_date": "2008-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "436293"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the \"fourth\" issue.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1190"
        },
        {
          "category": "external",
          "summary": "RHBZ#436293",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436293"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1190",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1190"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1190",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1190"
        }
      ],
      "release_date": "2008-03-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:19:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0638"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)"
    },
    {
      "cve": "CVE-2008-1192",
      "discovery_date": "2008-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "436295"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and \"execute local applications\" via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Java Plugin same-origin-policy bypass",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1192"
        },
        {
          "category": "external",
          "summary": "RHBZ#436295",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436295"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1192",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1192"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1192",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1192"
        }
      ],
      "release_date": "2008-03-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:19:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0638"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Java Plugin same-origin-policy bypass"
    },
    {
      "cve": "CVE-2008-1193",
      "discovery_date": "2008-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "436296"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JRE image parsing library allows privilege escalation (CVE-2008-1194)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1193"
        },
        {
          "category": "external",
          "summary": "RHBZ#436296",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1193",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1193"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1193",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1193"
        }
      ],
      "release_date": "2008-03-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:19:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0638"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "JRE image parsing library allows privilege escalation (CVE-2008-1194)"
    },
    {
      "cve": "CVE-2008-1194",
      "discovery_date": "2008-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "436296"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JRE image parsing library allows privilege escalation (CVE-2008-1194)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1194"
        },
        {
          "category": "external",
          "summary": "RHBZ#436296",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436296"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1194",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1194"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1194",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1194"
        }
      ],
      "release_date": "2008-03-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:19:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0638"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "JRE image parsing library allows privilege escalation (CVE-2008-1194)"
    },
    {
      "cve": "CVE-2008-1195",
      "discovery_date": "2008-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "436299"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Java-API calls in untrusted Javascript allow network privilege escalation",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1195"
        },
        {
          "category": "external",
          "summary": "RHBZ#436299",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436299"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1195",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1195"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1195",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1195"
        }
      ],
      "release_date": "2008-03-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:19:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0638"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Java-API calls in untrusted Javascript allow network privilege escalation"
    },
    {
      "cve": "CVE-2008-1196",
      "discovery_date": "2008-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "436302"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Buffer overflow security vulnerabilities in Java Web Start",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1196"
        },
        {
          "category": "external",
          "summary": "RHBZ#436302",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436302"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1196",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1196"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1196",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1196"
        }
      ],
      "release_date": "2008-03-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:19:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0638"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Buffer overflow security vulnerabilities in Java Web Start"
    },
    {
      "cve": "CVE-2008-3104",
      "discovery_date": "2008-07-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "454601"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet\u0027s outbound connections by connecting to localhost services running on the machine that loaded the applet.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Java RE allows Same Origin Policy to be Bypassed (6687932)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-3104"
        },
        {
          "category": "external",
          "summary": "RHBZ#454601",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454601"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3104",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-3104"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3104",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3104"
        }
      ],
      "release_date": "2008-07-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:19:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0638"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Java RE allows Same Origin Policy to be Bypassed (6687932)"
    },
    {
      "cve": "CVE-2008-3106",
      "discovery_date": "2008-06-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618330"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-3106"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618330",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618330"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3106",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-3106"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3106",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3106"
        }
      ],
      "release_date": "2008-07-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:19:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0638"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2008-3108",
      "discovery_date": "2008-07-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "454604"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Security Vulnerability with JRE fonts processing may allow Elevation of Privileges (6450319)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-3108"
        },
        {
          "category": "external",
          "summary": "RHBZ#454604",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454604"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3108",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-3108"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3108",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3108"
        }
      ],
      "release_date": "2008-07-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:19:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0638"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Security Vulnerability with JRE fonts processing may allow Elevation of Privileges (6450319)"
    },
    {
      "cve": "CVE-2008-3111",
      "discovery_date": "2008-07-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "454605"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Java Web Start Buffer overflow vulnerabilities (6557220)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-3111"
        },
        {
          "category": "external",
          "summary": "RHBZ#454605",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454605"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3111",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-3111"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3111",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3111"
        }
      ],
      "release_date": "2008-07-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:19:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0638"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Java Web Start Buffer overflow vulnerabilities (6557220)"
    },
    {
      "cve": "CVE-2008-3112",
      "discovery_date": "2008-07-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "454606"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Java Web Start, arbitrary file creation (6703909)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-3112"
        },
        {
          "category": "external",
          "summary": "RHBZ#454606",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454606"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3112",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-3112"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3112",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3112"
        }
      ],
      "release_date": "2008-07-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:19:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0638"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Java Web Start, arbitrary file creation (6703909)"
    },
    {
      "cve": "CVE-2008-3113",
      "discovery_date": "2008-07-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "454607"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Java Web Start arbitrary file creation/deletion file with user permissions (6704077)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-3113"
        },
        {
          "category": "external",
          "summary": "RHBZ#454607",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454607"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3113",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-3113"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3113",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3113"
        }
      ],
      "release_date": "2008-07-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:19:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0638"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Java Web Start arbitrary file creation/deletion file with user permissions (6704077)"
    },
    {
      "cve": "CVE-2008-3114",
      "discovery_date": "2008-07-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "454608"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Java Web Start, untrusted application may determine Cache Location  (6704074)",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
          "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-3114"
        },
        {
          "category": "external",
          "summary": "RHBZ#454608",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454608"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3114",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-3114"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3114",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3114"
        }
      ],
      "release_date": "2008-07-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-08-13T14:19:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4.s390x",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390",
            "4AS-RHNSAT5.1:java-1.5.0-ibm-devel-1:1.5.0.8-1jpp.1.el4.s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0638"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Java Web Start, untrusted application may determine Cache Location  (6704074)"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-1192 (GCVE-0-2008-1192)

RHSA-2008:0638

Tags

Sightings

Nomenclature