Java Runtime Environment Vulnerability in Sun JDK and JRE Products
CVE-2008-5355

Currently unrated

Key Information:

Vendor
Oracle
Status
Vendor
CVE Published:
5 December 2008

Summary

The Java Update feature in various versions of the Java Runtime Environment fails to verify the signature of downloaded JREs. This flaw enables remote attackers to exploit DNS man-in-the-middle attacks, potentially executing arbitrary code on affected systems. Users are advised to ensure they are running the latest versions and apply updates promptly to mitigate this risk.

References

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.