CVE-2008-1187
Untrusted applet and application XSLT processing privilege escalation
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.
Una vulnerabilidad no especificada en Sun Java Runtime Environment (JRE) y JDK versión 6 Update 4 y anteriores, versión 5.0 Update 14 y anteriores, y SDK/JRE versión 1.4.2_16 y anteriores, permite a atacantes remotos causar una denegación de servicio (bloqueo de JRE) y posiblemente ejecutar código arbitrario por medio de vectores desconocidos relacionados con las transformaciones XSLT.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-03-06 CVE Reserved
- 2008-03-06 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (47)
| URL | Tag | Source |
|---|---|---|
| http://jvn.jp/en/jp/JVN04032535/index.html | Third Party Advisory | |
| http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000016.html | Third Party Advisory | |
| http://support.apple.com/kb/HT3178 | X_refsource_confirm |
|
| http://support.apple.com/kb/HT3179 | X_refsource_confirm |
|
| http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033642.html | X_refsource_confirm | |
| http://www.securitytracker.com/id?1019548 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA08-066A.html | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41025 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10278 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://download.novell.com/Download?buildid=q5exhSqeBjA~ | 2017-09-29 | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-233322-1 | 2017-09-29 | |
| http://www.vmware.com/security/advisories/VMSA-2008-0010.html | 2017-09-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | <= 5.0 Search vendor "Sun" for product "Jdk" and version " <= 5.0" | update_14 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | <= 6 Search vendor "Sun" for product "Jdk" and version " <= 6" | update_4 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_1 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_10 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_11 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_12 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_13 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_2 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_3 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_4 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_5 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_6 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_7 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_8 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 5.0 Search vendor "Sun" for product "Jdk" and version "5.0" | update_9 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 6 Search vendor "Sun" for product "Jdk" and version "6" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 6 Search vendor "Sun" for product "Jdk" and version "6" | update_1 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 6 Search vendor "Sun" for product "Jdk" and version "6" | update_2 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jdk Search vendor "Sun" for product "Jdk" | 6 Search vendor "Sun" for product "Jdk" and version "6" | update_3 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | <= 1.4.2_14 Search vendor "Sun" for product "Jre" and version " <= 1.4.2_14" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | <= 5.0 Search vendor "Sun" for product "Jre" and version " <= 5.0" | update_14 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | <= 6 Search vendor "Sun" for product "Jre" and version " <= 6" | update_4 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_01 Search vendor "Sun" for product "Jre" and version "1.4.2_01" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_1 Search vendor "Sun" for product "Jre" and version "1.4.2_1" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_02 Search vendor "Sun" for product "Jre" and version "1.4.2_02" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_03 Search vendor "Sun" for product "Jre" and version "1.4.2_03" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_04 Search vendor "Sun" for product "Jre" and version "1.4.2_04" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_05 Search vendor "Sun" for product "Jre" and version "1.4.2_05" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_06 Search vendor "Sun" for product "Jre" and version "1.4.2_06" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_07 Search vendor "Sun" for product "Jre" and version "1.4.2_07" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_10 Search vendor "Sun" for product "Jre" and version "1.4.2_10" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_11 Search vendor "Sun" for product "Jre" and version "1.4.2_11" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_12 Search vendor "Sun" for product "Jre" and version "1.4.2_12" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 1.4.2_13 Search vendor "Sun" for product "Jre" and version "1.4.2_13" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_1 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_10 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_11 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_12 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_13 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_2 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_3 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_4 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_5 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_6 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_7 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_8 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 5.0 Search vendor "Sun" for product "Jre" and version "5.0" | update_9 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 6 Search vendor "Sun" for product "Jre" and version "6" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 6 Search vendor "Sun" for product "Jre" and version "6" | update_1 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 6 Search vendor "Sun" for product "Jre" and version "6" | update_2 |
Affected
| ||||||
| Sun Search vendor "Sun" | Jre Search vendor "Sun" for product "Jre" | 6 Search vendor "Sun" for product "Jre" and version "6" | update_3 |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | <= 1.4.2_16 Search vendor "Sun" for product "Sdk" and version " <= 1.4.2_16" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2 Search vendor "Sun" for product "Sdk" and version "1.4.2" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_01 Search vendor "Sun" for product "Sdk" and version "1.4.2_01" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_1 Search vendor "Sun" for product "Sdk" and version "1.4.2_1" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_02 Search vendor "Sun" for product "Sdk" and version "1.4.2_02" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_03 Search vendor "Sun" for product "Sdk" and version "1.4.2_03" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_04 Search vendor "Sun" for product "Sdk" and version "1.4.2_04" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_05 Search vendor "Sun" for product "Sdk" and version "1.4.2_05" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_06 Search vendor "Sun" for product "Sdk" and version "1.4.2_06" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_07 Search vendor "Sun" for product "Sdk" and version "1.4.2_07" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_08 Search vendor "Sun" for product "Sdk" and version "1.4.2_08" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_09 Search vendor "Sun" for product "Sdk" and version "1.4.2_09" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_10 Search vendor "Sun" for product "Sdk" and version "1.4.2_10" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_11 Search vendor "Sun" for product "Sdk" and version "1.4.2_11" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_12 Search vendor "Sun" for product "Sdk" and version "1.4.2_12" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_13 Search vendor "Sun" for product "Sdk" and version "1.4.2_13" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_14 Search vendor "Sun" for product "Sdk" and version "1.4.2_14" | - |
Affected
| ||||||
| Sun Search vendor "Sun" | Sdk Search vendor "Sun" for product "Sdk" | 1.4.2_15 Search vendor "Sun" for product "Sdk" and version "1.4.2_15" | - |
Affected
| ||||||