Rapid7 Vulnerability & Exploit Database

CESA-2008:0186: java-1.5.0-sun security update

Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/06/2008
Created: 07/25/2018
Added: 11/12/2015
Modified: 11/12/2015

Description

The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language.

Flaws in the JRE allowed an untrusted application or applet to elevate its privileges. This could be exploited by a remote attacker to access local files or execute local applications accessible to the user running the JRE. (CVE-2008-1185, CVE-2008-1186)

A flaw was found in the Java XSLT processing classes. An untrusted application or applet could cause a denial of service, or execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1187)

Several buffer overflow flaws were found in Java Web Start (JWS). An untrusted JNLP application could access local files or execute local applications accessible to the user running the JRE. (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1196)

A flaw was found in the Java Plug-in. A remote attacker could bypass the same origin policy, executing arbitrary code with the permissions of the user running the JRE. (CVE-2008-1192)

A flaw was found in the JRE image parsing libraries. An untrusted application or applet could cause a denial of service, or possibly execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1193)

A flaw was found in the JRE color management library. An untrusted application or applet could trigger a denial of service (JVM crash). (CVE-2008-1194)

The JRE allowed untrusted JavaScript code to create local network connections by the use of Java APIs. A remote attacker could use these flaws to access local network services. (CVE-2008-1195)

This update also fixes an issue where the Java Plug-in is not available for browser use after successful installation.

Users of java-1.5.0-sun should upgrade to these updated packages, which correct these issues.

Solution(s)
