Rapid7 Vulnerability & Exploit Database

RHSA-2008:0595: java-1.5.0-sun security update




The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language.

A vulnerability was found in the Java Management Extensions (JMX) management agent, when local monitoring is enabled. This allowed remote attackers to perform illegal operations. (CVE-2008-3103)

Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. (CVE-2008-3104)

A Java Runtime Environment (JRE) vulnerability could be triggered by an untrusted application or applet. A remote attacker could grant an untrusted applet extended privileges such as reading and writing local files, or executing local programs. (CVE-2008-3107)

Several buffer overflow vulnerabilities in Java Web Start were reported. These vulnerabilities may allow an untrusted Java Web Start application to elevate its privileges and thereby grant itself permission to read and/or write local files, as well as to execute local applications accessible to the user running the untrusted application. (CVE-2008-3111)

Two file processing vulnerabilities in Java Web Start were found. A remote attacker, by means of an untrusted Java Web Start application, was able to create or delete arbitrary files with the permissions of the user running the untrusted application. (CVE-2008-3112, CVE-2008-3113)

A vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location. (CVE-2008-3114)

Users of java-1.5.0-sun should upgrade to these updated packages, which correct these issues.


  • redhat-upgrade-java-1-5-0-sun
  • redhat-upgrade-java-1-5-0-sun-demo
  • redhat-upgrade-java-1-5-0-sun-devel
  • redhat-upgrade-java-1-5-0-sun-jdbc
  • redhat-upgrade-java-1-5-0-sun-plugin
  • redhat-upgrade-java-1-5-0-sun-src
