// For flags

CVE-2008-0657

java-1.5.0 Privilege escalation via unstrusted applet and application

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.

Múltiples vulnerabilidades no especificadas en el Java Runtime Environment en Sun JDK y JRE 6 Update 1 y versiones anteriores y 5.0 Update 13 y versiones anteriores, permite a atacantes según contexto conseguir privilegios a través de (1) aplicación o (2) applet no confiables, como se demostró por una aplicación o applet que garantiza de por sí privilegios de (a) lectura en archivos locales (b) escritura en archivos locales, o (c) ejecución de programas locales.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-02-07 CVE Reserved
  • 2008-02-07 CVE Published
  • 2024-07-11 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (28)
URL Tag Source
http://secunia.com/advisories/28888 Third Party Advisory
http://secunia.com/advisories/29214 Third Party Advisory
http://secunia.com/advisories/29498 Third Party Advisory
http://secunia.com/advisories/29841 Third Party Advisory
http://secunia.com/advisories/29858 Third Party Advisory
http://secunia.com/advisories/29897 Third Party Advisory
http://secunia.com/advisories/30676 Third Party Advisory
http://secunia.com/advisories/30780 Third Party Advisory
http://secunia.com/advisories/31497 Third Party Advisory
http://www.securityfocus.com/bid/27650 Vdb Entry
http://www.securitytracker.com/id?1019308 Vdb Entry
http://www.vmware.com/security/advisories/VMSA-2008-0010.html X_refsource_confirm
http://www.vupen.com/english/advisories/2008/0429 Vdb Entry
http://www.vupen.com/english/advisories/2008/1252 Vdb Entry
http://www.vupen.com/english/advisories/2008/1856/references Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11505 Signature
URL Date SRC
URL Date SRC
http://secunia.com/advisories/28795 2017-09-29
URL Date SRC
http://dev2dev.bea.com/pub/advisory/277 2017-09-29
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html 2017-09-29
http://security.gentoo.org/glsa/glsa-200804-28.xml 2017-09-29
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231261-1 2017-09-29
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml 2017-09-29
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml 2017-09-29
http://www.redhat.com/support/errata/RHSA-2008-0123.html 2017-09-29
http://www.redhat.com/support/errata/RHSA-2008-0156.html 2017-09-29
http://www.redhat.com/support/errata/RHSA-2008-0210.html 2017-09-29
https://access.redhat.com/security/cve/CVE-2008-0657 2008-08-13
https://bugzilla.redhat.com/show_bug.cgi?id=431861 2008-08-13
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 <= 1.5.0
Search vendor "Sun" for product "Jre" and version " <= 1.5.0"
update13
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 <= 1.6.0
Search vendor "Sun" for product "Jre" and version " <= 1.6.0"
update1
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 <= 5.0_update13
Search vendor "Sun" for product "Jdk" and version " <= 5.0_update13"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 <= 1.6.0
Search vendor "Sun" for product "Jre" and version " <= 1.6.0"
update1
Affected