CVE-2008-3109
First published: Wed Jul 09 2008(Updated: )
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Java Development Kit (JDK) | <=6 | |
| Java Development Kit (JDK) | =6-update_1 | |
| Java Development Kit (JDK) | =6-update_2 | |
| Java Development Kit (JDK) | =6-update_3 | |
| Java Development Kit (JDK) | =6-update_4 | |
| Java Development Kit (JDK) | =6-update_5 | |
| Sun Java Runtime Environment (JRE) | <=6 | |
| Sun Java Runtime Environment (JRE) | =6-update_1 | |
| Sun Java Runtime Environment (JRE) | =6-update_2 | |
| Sun Java Runtime Environment (JRE) | =6-update_3 | |
| Sun Java Runtime Environment (JRE) | =6-update_4 | |
| Sun Java Runtime Environment (JRE) | =6-update_5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1
- http://www.securityfocus.com/bid/30144
- http://secunia.com/advisories/31010
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
- http://www.redhat.com/support/errata/RHSA-2008-0594.html
- http://secunia.com/advisories/31600
- http://www.us-cert.gov/cas/techalerts/TA08-193A.html
- http://support.apple.com/kb/HT3179
- http://secunia.com/advisories/32018
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html
- http://www.vmware.com/security/advisories/VMSA-2008-0016.html
- http://secunia.com/advisories/32180
- http://secunia.com/advisories/32179
- http://marc.info/?l=bugtraq&m=122331139823057&w=2
- http://secunia.com/advisories/32436
- http://www.securitytracker.com/id?1020456
- http://www.redhat.com/support/errata/RHSA-2008-1045.html
- http://secunia.com/advisories/33238
- http://www.redhat.com/support/errata/RHSA-2008-0906.html
- http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm
- http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://secunia.com/advisories/37386
- http://www.vupen.com/english/advisories/2008/2056/references
- http://www.vupen.com/english/advisories/2008/2740
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43660
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8540
- http://www.securityfocus.com/archive/1/497041/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-3109?
CVE-2008-3109 has a high severity rating due to its ability to allow context-dependent attackers to gain privileges.
How do I fix CVE-2008-3109?
To mitigate CVE-2008-3109, users should upgrade to a patched version of the Sun Java Runtime Environment or Sun JDK that is not affected by this vulnerability.
What versions are affected by CVE-2008-3109?
CVE-2008-3109 affects Sun JRE and JDK version 6 Update 6 and earlier, including specific updates like 1, 2, 3, 4, and 5.
Can CVE-2008-3109 be exploited remotely?
Yes, CVE-2008-3109 can potentially be exploited by attackers remotely through untrusted applications or applets.
Is CVE-2008-3109 still relevant today?
While CVE-2008-3109 is an older vulnerability, it is still relevant for systems that have not been updated and continue to use affected software.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/sun
- canonical/java development kit (jdk)
- version/java development kit (jdk)/6
- version/java development kit (jdk)/6-update_1
- version/java development kit (jdk)/6-update_2
- version/java development kit (jdk)/6-update_3
- version/java development kit (jdk)/6-update_4
- version/java development kit (jdk)/6-update_5
- canonical/sun java runtime environment (jre)
- version/sun java runtime environment (jre)/6
- version/sun java runtime environment (jre)/6-update_1
- version/sun java runtime environment (jre)/6-update_2
- version/sun java runtime environment (jre)/6-update_3
- version/sun java runtime environment (jre)/6-update_4
- version/sun java runtime environment (jre)/6-update_5