Java Runtime Environment Vulnerability in Sun JDK and JRE Products
CVE-2008-5355

Currently unrated

Key Information:

Vendor

Oracle
Status
Jdk
Jre
Sdk
Vendor
CVE Published:
5 December 2008

What is CVE-2008-5355?

The Java Update feature in various versions of the Java Runtime Environment fails to verify the signature of downloaded JREs. This flaw enables remote attackers to exploit DNS man-in-the-middle attacks, potentially executing arbitrary code on affected systems. Users are advised to ensure they are running the latest versions and apply updates promptly to mitigate this risk.

References

http://www.securitytracker.com/id?1021315
vdb-entryx_refsource_SECTRACK
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
http://security.gentoo.org/glsa/glsa-200911-02.xml
vendor-advisoryx_refsource_GENTOO

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.