Home > Vulnerability Database > CVE-2008-2086

Mend.io Vulnerability Database

CVE-2008-2086

Date: December 4, 2008

Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892.

Severity Score

8.1

Related Resources (39)

Url: http://secunia.com/advisories/38539

Url: http://marc.info/?l=bugtraq&m=123678756409861&w=2

Url: http://secunia.com/advisories/32991

Url: http://secunia.com/advisories/33528

Url: http://www.redhat.com/support/errata/RHSA-2009-0015.html

Url: http://secunia.com/advisories/37386

Url: http://secunia.com/advisories/35065

Url: http://secunia.com/advisories/34233

Url: http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm

Url: http://www.redhat.com/support/errata/RHSA-2009-0445.html

Url: http://marc.info/?l=bugtraq&m=126583436323697&w=2

Url: http://www.securityfocus.com/bid/32620

Url: http://www.securityfocus.com/archive/1/498907/100/0/threaded

Url: http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

Url: http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html

Url: http://securityreason.com/securityalert/4693

Url: http://www.vupen.com/english/advisories/2009/0672

Url: http://secunia.com/advisories/33710

Url: http://osvdb.org/50510

Url: http://secunia.com/advisories/34889

Url: http://security.gentoo.org/glsa/glsa-200911-02.xml

Url: http://secunia.com/advisories/34605

Url: http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html

Url: http://www.us-cert.gov/cas/techalerts/TA08-340A.html

Url: http://www.redhat.com/support/errata/RHSA-2008-1018.html

Url: http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm

Url: http://secunia.com/advisories/33015

Url: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

Url: http://www.redhat.com/support/errata/RHSA-2009-0016.html

Url: http://rhn.redhat.com/errata/RHSA-2008-1025.html

Url: http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf

Url: http://www.vsecurity.com/bulletins/advisories/2008/JWS-props.txt

Url: http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-2086

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5601

Url: http://www.vupen.com/english/advisories/2009/0424

Url: http://www.securitytracker.com/id?1021318

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1

Url: https://www.mend.io/vulnerability-database/CVE-2008-2086

Severity Score

8.1

Weakness Type (CWE)

Code Injection

CWE-94

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-2086

Date: December 4, 2008

Severity Score

Related Resources (39)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?