// For flags

CVE-2008-1195

Java-API calls in untrusted Javascript allow network privilege escalation

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.

Vulnerabilidad sin especificar en Sun JDK y Java Runtime Environment (JRE) 6 Actualización 4 y anteriores y 5.0 Update 14 y anteriores; y SDK y JRE 1.4.2_16 y anteriores; permite a atacantes remotos acceder a servicios de red de su elección en el host local a través de vectores no especificados relacionados con JavaScript y APIs de Java.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-03-06 CVE Reserved
  • 2008-03-06 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-08 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-254: 7PK - Security Features
CAPEC
References (47)
URL Tag Source
http://secunia.com/advisories/29239 Third Party Advisory
http://secunia.com/advisories/29273 Third Party Advisory
http://secunia.com/advisories/29498 Third Party Advisory
http://secunia.com/advisories/29526 Third Party Advisory
http://secunia.com/advisories/29541 Third Party Advisory
http://secunia.com/advisories/29547 Third Party Advisory
http://secunia.com/advisories/29560 Third Party Advisory
http://secunia.com/advisories/29582 Third Party Advisory
http://secunia.com/advisories/29645 Third Party Advisory
http://secunia.com/advisories/29858 Third Party Advisory
http://secunia.com/advisories/29897 Third Party Advisory
http://secunia.com/advisories/30620 Third Party Advisory
http://secunia.com/advisories/30676 Third Party Advisory
http://secunia.com/advisories/30780 Third Party Advisory
http://secunia.com/advisories/31497 Third Party Advisory
http://secunia.com/advisories/32018 Third Party Advisory
http://support.apple.com/kb/HT3178 Third Party Advisory
http://support.apple.com/kb/HT3179 Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128 Third Party Advisory
http://www.mozilla.org/security/announce/2008/mfsa2008-18.html Third Party Advisory
http://www.securityfocus.com/archive/1/490196/100/0/threaded Mailing List
http://www.securitytracker.com/id?1019553 Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA08-066A.html Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA08-087A.html Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2008-0010.html Third Party Advisory
http://www.vupen.com/english/advisories/2008/0770/references Third Party Advisory
http://www.vupen.com/english/advisories/2008/0998/references Third Party Advisory
http://www.vupen.com/english/advisories/2008/1793/references Third Party Advisory
http://www.vupen.com/english/advisories/2008/1856/references Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/41030 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9486 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html 2019-07-31
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html 2019-07-31
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html 2019-07-31
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html 2019-07-31
http://security.gentoo.org/glsa/glsa-200804-28.xml 2019-07-31
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233326-1 2019-07-31
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1 2019-07-31
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml 2019-07-31
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml 2019-07-31
http://www.mandriva.com/security/advisories?name=MDVSA-2008:080 2019-07-31
http://www.redhat.com/support/errata/RHSA-2008-0186.html 2019-07-31
http://www.redhat.com/support/errata/RHSA-2008-0210.html 2019-07-31
http://www.redhat.com/support/errata/RHSA-2008-0267.html 2019-07-31
http://www.ubuntu.com/usn/usn-592-1 2019-07-31
https://access.redhat.com/security/cve/CVE-2008-1195 2008-08-13
https://bugzilla.redhat.com/show_bug.cgi?id=436299 2008-08-13
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
-
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update1
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update10
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update11
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update12
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update13
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update14
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update2
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update3
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update4
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update5
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update6
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update7
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update8
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.5.0
Search vendor "Sun" for product "Jdk" and version "1.5.0"
update9
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
-
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
update_3
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 1.6.0
Search vendor "Sun" for product "Jdk" and version "1.6.0"
update_4
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2
Search vendor "Sun" for product "Jre" and version "1.4.2"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_1
Search vendor "Sun" for product "Jre" and version "1.4.2_1"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_2
Search vendor "Sun" for product "Jre" and version "1.4.2_2"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_3
Search vendor "Sun" for product "Jre" and version "1.4.2_3"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_4
Search vendor "Sun" for product "Jre" and version "1.4.2_4"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_5
Search vendor "Sun" for product "Jre" and version "1.4.2_5"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_6
Search vendor "Sun" for product "Jre" and version "1.4.2_6"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_7
Search vendor "Sun" for product "Jre" and version "1.4.2_7"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_8
Search vendor "Sun" for product "Jre" and version "1.4.2_8"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_9
Search vendor "Sun" for product "Jre" and version "1.4.2_9"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_10
Search vendor "Sun" for product "Jre" and version "1.4.2_10"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_11
Search vendor "Sun" for product "Jre" and version "1.4.2_11"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_12
Search vendor "Sun" for product "Jre" and version "1.4.2_12"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_13
Search vendor "Sun" for product "Jre" and version "1.4.2_13"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_14
Search vendor "Sun" for product "Jre" and version "1.4.2_14"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_15
Search vendor "Sun" for product "Jre" and version "1.4.2_15"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_16
Search vendor "Sun" for product "Jre" and version "1.4.2_16"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update1
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update10
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update11
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update12
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update13
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update14
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update2
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update3
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update4
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update5
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update6
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update7
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update8
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.5.0
Search vendor "Sun" for product "Jre" and version "1.5.0"
update9
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
update_1
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
update_2
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
update_3
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.6.0
Search vendor "Sun" for product "Jre" and version "1.6.0"
update_4
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2
Search vendor "Sun" for product "Sdk" and version "1.4.2"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_1
Search vendor "Sun" for product "Sdk" and version "1.4.2_1"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_2
Search vendor "Sun" for product "Sdk" and version "1.4.2_2"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_3
Search vendor "Sun" for product "Sdk" and version "1.4.2_3"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_4
Search vendor "Sun" for product "Sdk" and version "1.4.2_4"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_5
Search vendor "Sun" for product "Sdk" and version "1.4.2_5"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_6
Search vendor "Sun" for product "Sdk" and version "1.4.2_6"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_7
Search vendor "Sun" for product "Sdk" and version "1.4.2_7"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_8
Search vendor "Sun" for product "Sdk" and version "1.4.2_8"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_9
Search vendor "Sun" for product "Sdk" and version "1.4.2_9"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_10
Search vendor "Sun" for product "Sdk" and version "1.4.2_10"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_11
Search vendor "Sun" for product "Sdk" and version "1.4.2_11"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_12
Search vendor "Sun" for product "Sdk" and version "1.4.2_12"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_13
Search vendor "Sun" for product "Sdk" and version "1.4.2_13"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_14
Search vendor "Sun" for product "Sdk" and version "1.4.2_14"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_15
Search vendor "Sun" for product "Sdk" and version "1.4.2_15"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_16
Search vendor "Sun" for product "Sdk" and version "1.4.2_16"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.10"
-
Affected