CVE-2005-3906

Name: CVE-2005-3906
Creator: NVD / NIST
Published: 2005-11-30T11:03:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.17%

Last modified Jun 16, 2026

CVE-2005-3906 is a vulnerability of currently unknown severity. Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.2_08 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of vulnerabilities than CVE-2005-3905. NOTE: this is associated with the "second and third issues" identified in SUNALERT:102003.. EPSS estimates a 5.17% chance of exploitation in the next 30 days.

Description

Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.2_08 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of vulnerabilities than CVE-2005-3905. NOTE: this is associated with the "second and third issues" identified in SUNALERT:102003.

Metrics

EPSS Probability

5.17%

91.4th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Sun	Jdk	1.3
Sun	Jdk	1.3.0_02
Sun	Jdk	1.3.0_05
Sun	Jdk	1.3.1_01
Sun	Jdk	1.3.1_01a
Sun	Jdk	1.3.1_02
Sun	Jdk	1.3.1_03
Sun	Jdk	1.3.1_04
Sun	Jdk	1.3.1_05
Sun	Jdk	1.3.1_06
Sun	Jdk	1.3.1_07
Sun	Jdk	1.3.1_08
Sun	Jdk	1.3.1_09
Sun	Jdk	1.3.1_10
Sun	Jdk	1.3.1_11
Sun	Jdk	1.3.1_12
Sun	Jdk	1.3.1_13
Sun	Jdk	1.3.1_14
Sun	Jdk	1.3.1_15
Sun	Jdk	1.3_02
Sun	Jdk	1.3_05
Sun	Jdk	1.4
Sun	Jdk	1.4.0_01
Sun	Jdk	1.4.0_02
Sun	Jdk	1.4.0_03
Sun	Jdk	1.4.0_4
Sun	Jdk	1.4.1
Sun	Jdk	1.4.1_01
Sun	Jdk	1.4.1_02
Sun	Jdk	1.4.1_03
Sun	Jdk	1.4.2
Sun	Jdk	1.4.2_01
Sun	Jdk	1.4.2_02
Sun	Jdk	1.4.2_03
Sun	Jdk	1.4.2_04
Sun	Jdk	1.4.2_05
Sun	Jdk	1.4.2_08
Sun	Jdk	1.5.0_03
Sun	Jre	1.3.0
Sun	Jre	1.3.1
Sun	Jre	1.4.1
Sun	Jre	1.4.2
Sun	Jre	1.4.2_1
Sun	Jre	1.4.2_2
Sun	Jre	1.4.2_3
Sun	Jre	1.4.2_4
Sun	Jre	1.4.2_5
Sun	Jre	1.4.2_6
Sun	Jre	1.4.2_7
Sun	Jre	1.4.2_8

Showing 50 of 51 affected configurations. See NVD for the full list.

References

http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html
http://secunia.com/advisories/17748Patch, Vendor Advisory
http://secunia.com/advisories/17847Vendor Advisory
http://secunia.com/advisories/18092Vendor Advisory
http://secunia.com/advisories/18435Vendor Advisory
http://secunia.com/advisories/18503Vendor Advisory
http://securitytracker.com/id?1015280
http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1Patch, Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21225628
http://www.gentoo.org/security/en/glsa/glsa-200601-10.xml
http://www.kb.cert.org/vuls/id/974188US Government Resource
http://www.securityfocus.com/bid/15615
http://www.vupen.com/english/advisories/2005/2636Vendor Advisory
http://www.vupen.com/english/advisories/2005/2675Vendor Advisory
http://www.vupen.com/english/advisories/2005/2946Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/23251
http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html
http://secunia.com/advisories/17748Patch, Vendor Advisory
http://secunia.com/advisories/17847Vendor Advisory
http://secunia.com/advisories/18092Vendor Advisory
http://secunia.com/advisories/18435Vendor Advisory
http://secunia.com/advisories/18503Vendor Advisory
http://securitytracker.com/id?1015280
http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1Patch, Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21225628
http://www.gentoo.org/security/en/glsa/glsa-200601-10.xml
http://www.kb.cert.org/vuls/id/974188US Government Resource
http://www.securityfocus.com/bid/15615
http://www.vupen.com/english/advisories/2005/2636Vendor Advisory
http://www.vupen.com/english/advisories/2005/2675Vendor Advisory
http://www.vupen.com/english/advisories/2005/2946Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/23251

Timeline

Published: Nov 30, 2005
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2005-3906?

How severe is CVE-2005-3906?

Severity scoring for CVE-2005-3906 is pending analysis. The EPSS model estimates a 5.17% probability of exploitation in the next 30 days.

How do I fix CVE-2005-3906?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2005-3906?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST