CVE-2008-5345
UnknownEPSS 4.12%
Last modified
CVE-2008-5345 is a vulnerability of currently unknown severity. Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier allows code that is loaded from a local filesystem to read arbitrary files and make unauthorized connections to localhost via unknown vectors.. EPSS estimates a 4.12% chance of exploitation in the next 30 days.
Description
Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier allows code that is loaded from a local filesystem to read arbitrary files and make unauthorized connections to localhost via unknown vectors.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sun | Jre | 1.3.1 |
| Sun | Jre | 1.3.1_2 |
| Sun | Jre | 1.3.1_03 |
| Sun | Jre | 1.3.1_04 |
| Sun | Jre | 1.3.1_05 |
| Sun | Jre | 1.3.1_06 |
| Sun | Jre | 1.3.1_07 |
| Sun | Jre | 1.3.1_08 |
| Sun | Jre | 1.3.1_09 |
| Sun | Jre | 1.3.1_10 |
| Sun | Jre | 1.3.1_11 |
| Sun | Jre | 1.3.1_12 |
| Sun | Jre | 1.3.1_13 |
| Sun | Jre | 1.3.1_14 |
| Sun | Jre | 1.3.1_15 |
| Sun | Jre | 1.3.1_16 |
| Sun | Jre | 1.3.1_17 |
| Sun | Jre | 1.3.1_18 |
| Sun | Jre | 1.3.1_19 |
| Sun | Jre | 1.3.1_20 |
| Sun | Jre | 1.3.1_21 |
| Sun | Jre | 1.3.1_22 |
| Sun | Jre | 1.3.1_23 |
| Sun | Jre | 1.4.2 |
| Sun | Jre | 1.4.2_1 |
| Sun | Jre | 1.4.2_2 |
| Sun | Jre | 1.4.2_3 |
| Sun | Jre | 1.4.2_4 |
| Sun | Jre | 1.4.2_5 |
| Sun | Jre | 1.4.2_6 |
| Sun | Jre | 1.4.2_7 |
| Sun | Jre | 1.4.2_8 |
| Sun | Jre | 1.4.2_9 |
| Sun | Jre | 1.4.2_10 |
| Sun | Jre | 1.4.2_11 |
| Sun | Jre | 1.4.2_12 |
| Sun | Jre | 1.4.2_13 |
| Sun | Jre | 1.4.2_14 |
| Sun | Jre | 1.4.2_15 |
| Sun | Jre | 1.4.2_16 |
| Sun | Jre | 1.4.2_17 |
| Sun | Jre | 1.4.2_18 |
| Sun | Jre | 1.5.0 |
| Sun | Jre | 1.6.0 |
| Sun | Jdk | 1.5.0 |
| Sun | Jdk | 1.6.0 |
| Sun | Sdk | 1.3.1 |
| Sun | Sdk | 1.3.1_01 |
| Sun | Sdk | 1.3.1_01a |
| Sun | Sdk | 1.3.1_02 |
Showing 50 of 95 affected configurations. See NVD for the full list.
References
- http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.htmlMailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=123678756409861&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=126583436323697&w=2Mailing List, Third Party Advisory
- http://osvdb.org/50508Broken Link
- http://rhn.redhat.com/errata/RHSA-2008-1018.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2008-1025.htmlThird Party Advisory
- http://secunia.com/advisories/32991Third Party Advisory
- http://secunia.com/advisories/33015Third Party Advisory
- http://secunia.com/advisories/33528Third Party Advisory
- http://secunia.com/advisories/33710Third Party Advisory
- http://secunia.com/advisories/34233Third Party Advisory
- http://secunia.com/advisories/34605Third Party Advisory
- http://secunia.com/advisories/34889Third Party Advisory
- http://secunia.com/advisories/34972Third Party Advisory
- http://secunia.com/advisories/35065Third Party Advisory
- http://secunia.com/advisories/37386Third Party Advisory
- http://secunia.com/advisories/38539Third Party Advisory
- http://security.gentoo.org/glsa/glsa-200911-02.xmlThird Party Advisory
- http://support.avaya.com/elmodocs2/security/ASA-2009-012.htmThird Party Advisory
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=Third Party Advisory
- http://www.redhat.com/support/errata/RHSA-2009-0015.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2009-0016.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2009-0445.htmlThird Party Advisory
- http://www.securitytracker.com/id?1021305Third Party Advisory, VDB Entry
- http://www.us-cert.gov/cas/techalerts/TA08-340A.htmlThird Party Advisory, US Government Resource
- http://www.vupen.com/english/advisories/2008/3339Third Party Advisory
- http://www.vupen.com/english/advisories/2009/0672Third Party Advisory
- http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdfThird Party Advisory
- https://rhn.redhat.com/errata/RHSA-2009-0466.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.htmlMailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=123678756409861&w=2Mailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=126583436323697&w=2Mailing List, Third Party Advisory
- http://osvdb.org/50508Broken Link
- http://rhn.redhat.com/errata/RHSA-2008-1018.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2008-1025.htmlThird Party Advisory
- http://secunia.com/advisories/32991Third Party Advisory
- http://secunia.com/advisories/33015Third Party Advisory
- http://secunia.com/advisories/33528Third Party Advisory
- http://secunia.com/advisories/33710Third Party Advisory
- http://secunia.com/advisories/34233Third Party Advisory
- http://secunia.com/advisories/34605Third Party Advisory
- http://secunia.com/advisories/34889Third Party Advisory
- http://secunia.com/advisories/34972Third Party Advisory
- http://secunia.com/advisories/35065Third Party Advisory
- http://secunia.com/advisories/37386Third Party Advisory
- http://secunia.com/advisories/38539Third Party Advisory
- http://security.gentoo.org/glsa/glsa-200911-02.xmlThird Party Advisory
- http://support.avaya.com/elmodocs2/security/ASA-2009-012.htmThird Party Advisory
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=Third Party Advisory
- http://www.redhat.com/support/errata/RHSA-2009-0015.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2009-0016.htmlThird Party Advisory
- http://www.redhat.com/support/errata/RHSA-2009-0445.htmlThird Party Advisory
- http://www.securitytracker.com/id?1021305Third Party Advisory, VDB Entry
- http://www.us-cert.gov/cas/techalerts/TA08-340A.htmlThird Party Advisory, US Government Resource
- http://www.vupen.com/english/advisories/2008/3339Third Party Advisory
- http://www.vupen.com/english/advisories/2009/0672Third Party Advisory
- http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdfThird Party Advisory
- https://rhn.redhat.com/errata/RHSA-2009-0466.htmlThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2008-5345?
Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier allows code that is loaded from a local filesystem to read arbitrary files and make unauthorized connections to localhost via unknown vectors.
How severe is CVE-2008-5345?
Severity scoring for CVE-2008-5345 is pending analysis. The EPSS model estimates a 4.12% probability of exploitation in the next 30 days.
How do I fix CVE-2008-5345?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2008-5345?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST