CVE-2008-5355

Currently unrated

Key Information:

Vendor: Oracle
Status: Jdk; Jre; Sdk
Vendor: CVE Published:; 5 December 2008

Summary

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.

References

http://www.securitytracker.com/id?1021315

vdb-entryx_refsource_SECTRACK

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://security.gentoo.org/glsa/glsa-200911-02.xml

vendor-advisoryx_refsource_GENTOO

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 5, 2008
Vulnerability Reserved
Dec 4, 2008