Vulnerability in Java Web Start and Plug-in Affecting Sun JDK and JRE Products
CVE-2008-5344

Currently unrated

Key Information:

Vendor: Oracle
Status: Jdk; Jre; Sdk
Vendor: CVE Published:; 5 December 2008

Summary

This vulnerability in Java Web Start (JWS) and the Java Plug-in allows untrusted applets to potentially read arbitrary files and make unauthorized network connections. It stems from issues related to applet classloading, which can be exploited via various vectors, posing significant security risks to users of affected Java Development Kit (JDK) and Java Runtime Environment (JRE) versions.

References

http://osvdb.org/50513

vdb-entryx_refsource_OSVDB

http://marc.info/?l=bugtraq&m=126583436323697&w=2

vendor-advisoryx_refsource_HP

http://lists.opensuse.org/opensuse-security-announce/2009...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Dec 5, 2008
Vulnerability Reserved
Dec 4, 2008