Java Runtime Environment Vulnerability in Sun JDK and JRE Products
CVE-2008-5355

Currently unrated

Key Information:

Vendor: Oracle
Status: Jdk; Jre; Sdk
Vendor: CVE Published:; 5 December 2008

Summary

The Java Update feature in various versions of the Java Runtime Environment fails to verify the signature of downloaded JREs. This flaw enables remote attackers to exploit DNS man-in-the-middle attacks, potentially executing arbitrary code on affected systems. Users are advised to ensure they are running the latest versions and apply updates promptly to mitigate this risk.

References

http://www.securitytracker.com/id?1021315

vdb-entryx_refsource_SECTRACK

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://security.gentoo.org/glsa/glsa-200911-02.xml

vendor-advisoryx_refsource_GENTOO

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 5, 2008
Vulnerability Reserved
Dec 4, 2008