CVE-2008-1187
UnknownEPSS 5.42%
Last modified
CVE-2008-1187 is a vulnerability of currently unknown severity. Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.. EPSS estimates a 5.42% chance of exploitation in the next 30 days.
Description
Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Sun | Jdk | <= 5.0 | Update 14 |
| Sun | Jdk | <= 6 | Update 4 |
| Sun | Jdk | 5.0 | Update 1 |
| Sun | Jdk | 6 | — |
| Sun | Jre | <= 1.4.2_14 | — |
| Sun | Jre | <= 5.0 | Update 14 |
| Sun | Jre | <= 6 | Update 4 |
| Sun | Jre | 1.4.2_01 | — |
| Sun | Jre | 1.4.2_1 | — |
| Sun | Jre | 1.4.2_02 | — |
| Sun | Jre | 1.4.2_03 | — |
| Sun | Jre | 1.4.2_04 | — |
| Sun | Jre | 1.4.2_05 | — |
| Sun | Jre | 1.4.2_06 | — |
| Sun | Jre | 1.4.2_07 | — |
| Sun | Jre | 1.4.2_10 | — |
| Sun | Jre | 1.4.2_11 | — |
| Sun | Jre | 1.4.2_12 | — |
| Sun | Jre | 1.4.2_13 | — |
| Sun | Jre | 5.0 | — |
| Sun | Jre | 6 | — |
| Sun | Sdk | <= 1.4.2_16 | — |
| Sun | Sdk | 1.4.2 | — |
| Sun | Sdk | 1.4.2_01 | — |
| Sun | Sdk | 1.4.2_1 | — |
| Sun | Sdk | 1.4.2_02 | — |
| Sun | Sdk | 1.4.2_03 | — |
| Sun | Sdk | 1.4.2_04 | — |
| Sun | Sdk | 1.4.2_05 | — |
| Sun | Sdk | 1.4.2_06 | — |
| Sun | Sdk | 1.4.2_07 | — |
| Sun | Sdk | 1.4.2_08 | — |
| Sun | Sdk | 1.4.2_09 | — |
| Sun | Sdk | 1.4.2_10 | — |
| Sun | Sdk | 1.4.2_11 | — |
| Sun | Sdk | 1.4.2_12 | — |
| Sun | Sdk | 1.4.2_13 | — |
| Sun | Sdk | 1.4.2_14 | — |
| Sun | Sdk | 1.4.2_15 | — |
References
- http://secunia.com/advisories/29239Vendor Advisory
- http://secunia.com/advisories/29273Vendor Advisory
- http://secunia.com/advisories/29498Vendor Advisory
- http://secunia.com/advisories/29582Vendor Advisory
- http://secunia.com/advisories/29841Vendor Advisory
- http://secunia.com/advisories/29858Vendor Advisory
- http://secunia.com/advisories/29897Vendor Advisory
- http://secunia.com/advisories/29999Vendor Advisory
- http://secunia.com/advisories/30003Vendor Advisory
- http://secunia.com/advisories/30676Vendor Advisory
- http://secunia.com/advisories/30780Vendor Advisory
- http://secunia.com/advisories/31067Vendor Advisory
- http://secunia.com/advisories/31497Vendor Advisory
- http://secunia.com/advisories/31580Vendor Advisory
- http://secunia.com/advisories/31586Vendor Advisory
- http://secunia.com/advisories/32018Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-233322-1Patch, Vendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA08-066A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2008/0770/referencesVendor Advisory
- http://www.vupen.com/english/advisories/2008/1252Vendor Advisory
- http://www.vupen.com/english/advisories/2008/1856/referencesVendor Advisory
- http://secunia.com/advisories/29239Vendor Advisory
- http://secunia.com/advisories/29273Vendor Advisory
- http://secunia.com/advisories/29498Vendor Advisory
- http://secunia.com/advisories/29582Vendor Advisory
- http://secunia.com/advisories/29841Vendor Advisory
- http://secunia.com/advisories/29858Vendor Advisory
- http://secunia.com/advisories/29897Vendor Advisory
- http://secunia.com/advisories/29999Vendor Advisory
- http://secunia.com/advisories/30003Vendor Advisory
- http://secunia.com/advisories/30676Vendor Advisory
- http://secunia.com/advisories/30780Vendor Advisory
- http://secunia.com/advisories/31067Vendor Advisory
- http://secunia.com/advisories/31497Vendor Advisory
- http://secunia.com/advisories/31580Vendor Advisory
- http://secunia.com/advisories/31586Vendor Advisory
- http://secunia.com/advisories/32018Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-233322-1Patch, Vendor Advisory
- http://www.us-cert.gov/cas/techalerts/TA08-066A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2008/0770/referencesVendor Advisory
- http://www.vupen.com/english/advisories/2008/1252Vendor Advisory
- http://www.vupen.com/english/advisories/2008/1856/referencesVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2008-1187?
Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.
How severe is CVE-2008-1187?
Severity scoring for CVE-2008-1187 is pending analysis. The EPSS model estimates a 5.42% probability of exploitation in the next 30 days.
How do I fix CVE-2008-1187?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2008-1187?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST