Java Runtime Environment Vulnerability in Sun JDK and JRE Products
CVE-2008-5355
Currently unrated
Summary
The Java Update feature in various versions of the Java Runtime Environment fails to verify the signature of downloaded JREs. This flaw enables remote attackers to exploit DNS man-in-the-middle attacks, potentially executing arbitrary code on affected systems. Users are advised to ensure they are running the latest versions and apply updates promptly to mitigate this risk.
References
EPSS Score
10% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved