// For flags

CVE-2008-3113

Java Web Start arbitrary file creation/deletion file with user permissions (6704077)

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077.

Vulnerabilidad no especificada en Sun Java Web Start de JDK y JRE 5.0 versiones anteriores a Update 16 y SDK y JRE 1.4.x versiones anteriores a 1.4.2_18 permite a atacantes remotos crear o borrar ficheros de su elección a través de aplicaciones no confiables, también conocido como CR 6704077.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-07-09 CVE Reserved
  • 2008-07-09 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (38)
URL Tag Source
http://marc.info/?l=bugtraq&m=122331139823057&w=2 Mailing List
http://secunia.com/advisories/31055 Third Party Advisory
http://secunia.com/advisories/31320 Third Party Advisory
http://secunia.com/advisories/31497 Third Party Advisory
http://secunia.com/advisories/31600 Third Party Advisory
http://secunia.com/advisories/31736 Third Party Advisory
http://secunia.com/advisories/32018 Third Party Advisory
http://secunia.com/advisories/32179 Third Party Advisory
http://secunia.com/advisories/32180 Third Party Advisory
http://secunia.com/advisories/32826 Third Party Advisory
http://secunia.com/advisories/33194 Third Party Advisory
http://secunia.com/advisories/35065 Third Party Advisory
http://secunia.com/advisories/37386 Third Party Advisory
http://support.apple.com/kb/HT3178 X_refsource_confirm
http://support.apple.com/kb/HT3179 X_refsource_confirm
http://www.securityfocus.com/archive/1/497041/100/0/threaded Mailing List
http://www.securityfocus.com/bid/30148 Vdb Entry
http://www.securitytracker.com/id?1020452 Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA08-193A.html Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2008-0016.html X_refsource_confirm
http://www.vupen.com/english/advisories/2008/2056/references Vdb Entry
http://www.vupen.com/english/advisories/2008/2740 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/43667 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10454 Signature
URL Date SRC
URL Date SRC
http://secunia.com/advisories/31010 2018-10-30
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1 2018-10-30
URL Date SRC
http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html 2018-10-30
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html 2018-10-30
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html 2018-10-30
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html 2018-10-30
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html 2018-10-30
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html 2018-10-30
http://rhn.redhat.com/errata/RHSA-2008-0955.html 2018-10-30
http://security.gentoo.org/glsa/glsa-200911-02.xml 2018-10-30
http://www.redhat.com/support/errata/RHSA-2008-0595.html 2018-10-30
http://www.redhat.com/support/errata/RHSA-2008-0790.html 2018-10-30
https://access.redhat.com/security/cve/CVE-2008-3113 2008-11-25
https://bugzilla.redhat.com/show_bug.cgi?id=454607 2008-11-25
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 <= 5.0
Search vendor "Sun" for product "Jdk" and version " <= 5.0"
update_15
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 5.0
Search vendor "Sun" for product "Jdk" and version "5.0"
update_1
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 5.0
Search vendor "Sun" for product "Jdk" and version "5.0"
update_10
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 5.0
Search vendor "Sun" for product "Jdk" and version "5.0"
update_11
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 5.0
Search vendor "Sun" for product "Jdk" and version "5.0"
update_12
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 5.0
Search vendor "Sun" for product "Jdk" and version "5.0"
update_13
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 5.0
Search vendor "Sun" for product "Jdk" and version "5.0"
update_14
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 5.0
Search vendor "Sun" for product "Jdk" and version "5.0"
update_2
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 5.0
Search vendor "Sun" for product "Jdk" and version "5.0"
update_3
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 5.0
Search vendor "Sun" for product "Jdk" and version "5.0"
update_4
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 5.0
Search vendor "Sun" for product "Jdk" and version "5.0"
update_5
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 5.0
Search vendor "Sun" for product "Jdk" and version "5.0"
update_6
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 5.0
Search vendor "Sun" for product "Jdk" and version "5.0"
update_7
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 5.0
Search vendor "Sun" for product "Jdk" and version "5.0"
update_8
Affected
Sun
Search vendor "Sun"
 Jdk
Search vendor "Sun" for product "Jdk"
 5.0
Search vendor "Sun" for product "Jdk" and version "5.0"
update_9
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 <= 1.4.2_17
Search vendor "Sun" for product "Jre" and version " <= 1.4.2_17"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 <= 5.0
Search vendor "Sun" for product "Jre" and version " <= 5.0"
update_15
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2
Search vendor "Sun" for product "Jre" and version "1.4.2"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_01
Search vendor "Sun" for product "Jre" and version "1.4.2_01"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_02
Search vendor "Sun" for product "Jre" and version "1.4.2_02"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_03
Search vendor "Sun" for product "Jre" and version "1.4.2_03"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_04
Search vendor "Sun" for product "Jre" and version "1.4.2_04"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_05
Search vendor "Sun" for product "Jre" and version "1.4.2_05"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_06
Search vendor "Sun" for product "Jre" and version "1.4.2_06"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_07
Search vendor "Sun" for product "Jre" and version "1.4.2_07"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_8
Search vendor "Sun" for product "Jre" and version "1.4.2_8"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_9
Search vendor "Sun" for product "Jre" and version "1.4.2_9"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_10
Search vendor "Sun" for product "Jre" and version "1.4.2_10"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_11
Search vendor "Sun" for product "Jre" and version "1.4.2_11"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_12
Search vendor "Sun" for product "Jre" and version "1.4.2_12"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_13
Search vendor "Sun" for product "Jre" and version "1.4.2_13"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_14
Search vendor "Sun" for product "Jre" and version "1.4.2_14"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_15
Search vendor "Sun" for product "Jre" and version "1.4.2_15"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 1.4.2_16
Search vendor "Sun" for product "Jre" and version "1.4.2_16"
-
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 5.0
Search vendor "Sun" for product "Jre" and version "5.0"
update_1
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 5.0
Search vendor "Sun" for product "Jre" and version "5.0"
update_10
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 5.0
Search vendor "Sun" for product "Jre" and version "5.0"
update_11
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 5.0
Search vendor "Sun" for product "Jre" and version "5.0"
update_12
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 5.0
Search vendor "Sun" for product "Jre" and version "5.0"
update_13
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 5.0
Search vendor "Sun" for product "Jre" and version "5.0"
update_14
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 5.0
Search vendor "Sun" for product "Jre" and version "5.0"
update_2
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 5.0
Search vendor "Sun" for product "Jre" and version "5.0"
update_3
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 5.0
Search vendor "Sun" for product "Jre" and version "5.0"
update_4
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 5.0
Search vendor "Sun" for product "Jre" and version "5.0"
update_5
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 5.0
Search vendor "Sun" for product "Jre" and version "5.0"
update_6
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 5.0
Search vendor "Sun" for product "Jre" and version "5.0"
update_7
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 5.0
Search vendor "Sun" for product "Jre" and version "5.0"
update_8
Affected
Sun
Search vendor "Sun"
 Jre
Search vendor "Sun" for product "Jre"
 5.0
Search vendor "Sun" for product "Jre" and version "5.0"
update_9
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2
Search vendor "Sun" for product "Sdk" and version "1.4.2"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_01
Search vendor "Sun" for product "Sdk" and version "1.4.2_01"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_02
Search vendor "Sun" for product "Sdk" and version "1.4.2_02"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_03
Search vendor "Sun" for product "Sdk" and version "1.4.2_03"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_04
Search vendor "Sun" for product "Sdk" and version "1.4.2_04"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_05
Search vendor "Sun" for product "Sdk" and version "1.4.2_05"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_06
Search vendor "Sun" for product "Sdk" and version "1.4.2_06"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_07
Search vendor "Sun" for product "Sdk" and version "1.4.2_07"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_08
Search vendor "Sun" for product "Sdk" and version "1.4.2_08"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_09
Search vendor "Sun" for product "Sdk" and version "1.4.2_09"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_10
Search vendor "Sun" for product "Sdk" and version "1.4.2_10"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_11
Search vendor "Sun" for product "Sdk" and version "1.4.2_11"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_12
Search vendor "Sun" for product "Sdk" and version "1.4.2_12"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_13
Search vendor "Sun" for product "Sdk" and version "1.4.2_13"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_14
Search vendor "Sun" for product "Sdk" and version "1.4.2_14"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_15
Search vendor "Sun" for product "Sdk" and version "1.4.2_15"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_16
Search vendor "Sun" for product "Sdk" and version "1.4.2_16"
-
Affected
Sun
Search vendor "Sun"
 Sdk
Search vendor "Sun" for product "Sdk"
 1.4.2_17
Search vendor "Sun" for product "Sdk" and version "1.4.2_17"
-
Affected