CVE-2008-5353 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2008-5353

CVE-2008-5353

December 05, 2008

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".

Related Resources (42)

http://secunia.com/advisories/34889

http://secunia.com/advisories/33528

http://www.redhat.com/support/errata/RHSA-2009-0015.html

http://rhn.redhat.com/errata/RHSA-2008-1025.html

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

http://osvdb.org/50500

http://secunia.com/advisories/33710

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html

http://secunia.com/advisories/32991

http://secunia.com/advisories/33015

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html

http://marc.info/?l=bugtraq&m=123678756409861&w=2

http://www.vupen.com/english/advisories/2008/3339

http://www.vupen.com/english/advisories/2009/1391

http://secunia.com/advisories/35118

https://rhn.redhat.com/errata/RHSA-2009-0466.html

http://secunia.com/advisories/34972

http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf

http://secunia.com/advisories/37386

http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html

http://www.us-cert.gov/cas/techalerts/TA08-340A.html

http://sunsolve.sun.com/search/document.do?assetkey=1-26-244991-1

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6511

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://blog.cr0.org/2009/05/write-once-own-everyone.html

http://secunia.com/advisories/34233

http://secunia.com/advisories/35065

http://www.redhat.com/support/errata/RHSA-2009-0016.html

http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm

http://secunia.com/advisories/34605

http://secunia.com/advisories/38539

http://www.securityfocus.com/archive/1/503797/100/0/threaded

http://www.securitytracker.com/id?1021313

http://rhn.redhat.com/errata/RHSA-2008-1018.html

http://secunia.com/advisories/33709

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

http://www.vupen.com/english/advisories/2009/0672

http://www.securityfocus.com/bid/32608

http://marc.info/?l=bugtraq&m=126583436323697&w=2

http://secunia.com/advisories/34259

http://www.redhat.com/support/errata/RHSA-2009-0445.html

Do you need more information?

CVSS v4

Base Score:

8.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

Exploit Maturity

POC

CVSS v3

Base Score:

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Exploit Maturity

FUNCTIONAL

CVSS v2

Base Score:

10

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

EPSS

Base Score:

90.12