Vulnerability in Java Web Start and Plug-in Affecting Sun JDK and JRE Products
CVE-2008-5344

Currently unrated

Key Information:

Vendor: Oracle
Status: Jdk; Jre; Sdk
Vendor: CVE Published:; 5 December 2008

What is CVE-2008-5344?

This vulnerability in Java Web Start (JWS) and the Java Plug-in allows untrusted applets to potentially read arbitrary files and make unauthorized network connections. It stems from issues related to applet classloading, which can be exploited via various vectors, posing significant security risks to users of affected Java Development Kit (JDK) and Java Runtime Environment (JRE) versions.

References

http://osvdb.org/50513

vdb-entryx_refsource_OSVDB

http://marc.info/?l=bugtraq&m=126583436323697&w=2

vendor-advisoryx_refsource_HP

http://lists.opensuse.org/opensuse-security-announce/2009...

vendor-advisoryx_refsource_SUSE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2008
Vulnerability Reserved
Dec 4, 2008

Oracle

What is CVE-2008-5344?

References

Timeline