NVD Vulnerability Detail

CVE-2008-5350

Summary	Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors.
Summary	Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores permite a applets y aplicaciones no confiables leer el contenido del directorio del usuario actual mediante vectores desconocidos.
Publication Date	Dec. 5, 2008, 8:30 p.m.
Registration Date	Jan. 29, 2021, 1:46 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : MEDIUM
Score	5.0
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:sun:jdk::update_16::::::*		5.0
cpe:2.3:a:sun:jdk::update_10::::::*		6
cpe:2.3:a:sun:jdk:5.0:update_1::::::
cpe:2.3:a:sun:jdk:5.0:update_10::::::
cpe:2.3:a:sun:jdk:5.0:update_11::::::
cpe:2.3:a:sun:jdk:5.0:update_12::::::
cpe:2.3:a:sun:jdk:5.0:update_13::::::
cpe:2.3:a:sun:jdk:5.0:update_14::::::
cpe:2.3:a:sun:jdk:5.0:update_15::::::
cpe:2.3:a:sun:jdk:5.0:update_2::::::
cpe:2.3:a:sun:jdk:5.0:update_3::::::
cpe:2.3:a:sun:jdk:5.0:update_4::::::
cpe:2.3:a:sun:jdk:5.0:update_5::::::
cpe:2.3:a:sun:jdk:5.0:update_6::::::
cpe:2.3:a:sun:jdk:5.0:update_7::::::
cpe:2.3:a:sun:jdk:5.0:update_8::::::
cpe:2.3:a:sun:jdk:5.0:update_9::::::
cpe:2.3:a:sun:jdk:6:::::::*
cpe:2.3:a:sun:jdk:6:update_1::::::
cpe:2.3:a:sun:jdk:6:update_2::::::
cpe:2.3:a:sun:jdk:6:update_3::::::
cpe:2.3:a:sun:jdk:6:update_4::::::
cpe:2.3:a:sun:jdk:6:update_5::::::
cpe:2.3:a:sun:jdk:6:update_6::::::
cpe:2.3:a:sun:jdk:6:update_7::::::
cpe:2.3:a:sun:jdk:6:update_8::::::
cpe:2.3:a:sun:jdk:6:update_9::::::
cpe:2.3:a:sun:jre::::::::		1.4.2_18
cpe:2.3:a:sun:jre::update_16::::::*		5.0
cpe:2.3:a:sun:jre::update_10::::::*		6
cpe:2.3:a:sun:jre:1.4.2_1:::::::*
cpe:2.3:a:sun:jre:1.4.2_2:::::::*
cpe:2.3:a:sun:jre:1.4.2_3:::::::*
cpe:2.3:a:sun:jre:1.4.2_4:::::::*
cpe:2.3:a:sun:jre:1.4.2_5:::::::*
cpe:2.3:a:sun:jre:1.4.2_6:::::::*
cpe:2.3:a:sun:jre:1.4.2_7:::::::*
cpe:2.3:a:sun:jre:1.4.2_8:::::::*
cpe:2.3:a:sun:jre:1.4.2_9:::::::*
cpe:2.3:a:sun:jre:1.4.2_10:::::::*
cpe:2.3:a:sun:jre:1.4.2_11:::::::*
cpe:2.3:a:sun:jre:1.4.2_12:::::::*
cpe:2.3:a:sun:jre:1.4.2_13:::::::*
cpe:2.3:a:sun:jre:1.4.2_14:::::::*
cpe:2.3:a:sun:jre:1.4.2_15:::::::*
cpe:2.3:a:sun:jre:1.4.2_16:::::::*
cpe:2.3:a:sun:jre:1.4.2_17:::::::*
cpe:2.3:a:sun:jre:5.0:::::::*
cpe:2.3:a:sun:jre:5.0:update_1::::::
cpe:2.3:a:sun:jre:5.0:update_10::::::
cpe:2.3:a:sun:jre:5.0:update_11::::::
cpe:2.3:a:sun:jre:5.0:update_12::::::
cpe:2.3:a:sun:jre:5.0:update_13::::::
cpe:2.3:a:sun:jre:5.0:update_14::::::
cpe:2.3:a:sun:jre:5.0:update_15::::::
cpe:2.3:a:sun:jre:5.0:update_2::::::
cpe:2.3:a:sun:jre:5.0:update_3::::::
cpe:2.3:a:sun:jre:5.0:update_4::::::
cpe:2.3:a:sun:jre:5.0:update_5::::::
cpe:2.3:a:sun:jre:5.0:update_6::::::
cpe:2.3:a:sun:jre:5.0:update_7::::::
cpe:2.3:a:sun:jre:5.0:update_8::::::
cpe:2.3:a:sun:jre:5.0:update_9::::::
cpe:2.3:a:sun:jre:6:::::::*
cpe:2.3:a:sun:jre:6:update_1::::::
cpe:2.3:a:sun:jre:6:update_2::::::
cpe:2.3:a:sun:jre:6:update_3::::::
cpe:2.3:a:sun:jre:6:update_4::::::
cpe:2.3:a:sun:jre:6:update_5::::::
cpe:2.3:a:sun:jre:6:update_6::::::
cpe:2.3:a:sun:jre:6:update_7::::::
cpe:2.3:a:sun:jre:6:update_8::::::
cpe:2.3:a:sun:jre:6:update_9::::::
cpe:2.3:a:sun:sdk::::::::		1.4.2_18
cpe:2.3:a:sun:sdk:1.4.2_1:::::::*
cpe:2.3:a:sun:sdk:1.4.2_2:::::::*
cpe:2.3:a:sun:sdk:1.4.2_3:::::::*
cpe:2.3:a:sun:sdk:1.4.2_4:::::::*
cpe:2.3:a:sun:sdk:1.4.2_5:::::::*
cpe:2.3:a:sun:sdk:1.4.2_6:::::::*
cpe:2.3:a:sun:sdk:1.4.2_7:::::::*
cpe:2.3:a:sun:sdk:1.4.2_8:::::::*
cpe:2.3:a:sun:sdk:1.4.2_9:::::::*
cpe:2.3:a:sun:sdk:1.4.2_10:::::::*
cpe:2.3:a:sun:sdk:1.4.2_11:::::::*
cpe:2.3:a:sun:sdk:1.4.2_12:::::::*
cpe:2.3:a:sun:sdk:1.4.2_13:::::::*
cpe:2.3:a:sun:sdk:1.4.2_14:::::::*
cpe:2.3:a:sun:sdk:1.4.2_15:::::::*
cpe:2.3:a:sun:sdk:1.4.2_16:::::::*
cpe:2.3:a:sun:sdk:1.4.2_17:::::::*

Related information, measures and tools

No	URL	refsource
1	http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html	cve@mitre.org
2	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html	cve@mitre.org
3	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html	cve@mitre.org
4	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html	cve@mitre.org
5	http://marc.info/?l=bugtraq&m=123678756409861&w=2	cve@mitre.org
6	http://marc.info/?l=bugtraq&m=126583436323697&w=2	cve@mitre.org
7	http://osvdb.org/50503	cve@mitre.org
8	http://rhn.redhat.com/errata/RHSA-2008-1018.html	cve@mitre.org
9	http://rhn.redhat.com/errata/RHSA-2008-1025.html	cve@mitre.org
10	http://secunia.com/advisories/32991	cve@mitre.org
11	http://secunia.com/advisories/33015	cve@mitre.org
12	http://secunia.com/advisories/33528	cve@mitre.org
13	http://secunia.com/advisories/33709	cve@mitre.org
14	http://secunia.com/advisories/33710	cve@mitre.org
15	http://secunia.com/advisories/34233	cve@mitre.org
16	http://secunia.com/advisories/34259	cve@mitre.org
17	http://secunia.com/advisories/34605	cve@mitre.org
18	http://secunia.com/advisories/34889	cve@mitre.org
19	http://secunia.com/advisories/34972	cve@mitre.org
20	http://secunia.com/advisories/35065	cve@mitre.org
21	http://secunia.com/advisories/37386	cve@mitre.org
22	http://secunia.com/advisories/38539	cve@mitre.org
23	http://security.gentoo.org/glsa/glsa-200911-02.xml	cve@mitre.org
24	http://sunsolve.sun.com/search/document.do?assetkey=1-26-246266-1	cve@mitre.org
25	http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm	cve@mitre.org
26	http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=	cve@mitre.org
27	http://www.redhat.com/support/errata/RHSA-2009-0015.html	cve@mitre.org
28	http://www.redhat.com/support/errata/RHSA-2009-0016.html	cve@mitre.org
29	http://www.redhat.com/support/errata/RHSA-2009-0445.html	cve@mitre.org
30	http://www.securityfocus.com/bid/32608	cve@mitre.org
31	http://www.securitytracker.com/id?1021310	cve@mitre.org
32	http://www.us-cert.gov/cas/techalerts/TA08-340A.html	cve@mitre.org
33	http://www.vupen.com/english/advisories/2008/3339	cve@mitre.org
34	http://www.vupen.com/english/advisories/2009/0672	cve@mitre.org
35	http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf	cve@mitre.org
36	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6424	cve@mitre.org
37	https://rhn.redhat.com/errata/RHSA-2009-0466.html	cve@mitre.org
38	http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html	af854a3a-2127-422b-91ae-364da2661108
39	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html	af854a3a-2127-422b-91ae-364da2661108
40	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html	af854a3a-2127-422b-91ae-364da2661108
41	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html	af854a3a-2127-422b-91ae-364da2661108
42	http://marc.info/?l=bugtraq&m=123678756409861&w=2	af854a3a-2127-422b-91ae-364da2661108
43	http://marc.info/?l=bugtraq&m=126583436323697&w=2	af854a3a-2127-422b-91ae-364da2661108
44	http://osvdb.org/50503	af854a3a-2127-422b-91ae-364da2661108
45	http://rhn.redhat.com/errata/RHSA-2008-1018.html	af854a3a-2127-422b-91ae-364da2661108
46	http://rhn.redhat.com/errata/RHSA-2008-1025.html	af854a3a-2127-422b-91ae-364da2661108
47	http://secunia.com/advisories/32991	af854a3a-2127-422b-91ae-364da2661108
48	http://secunia.com/advisories/33015	af854a3a-2127-422b-91ae-364da2661108
49	http://secunia.com/advisories/33528	af854a3a-2127-422b-91ae-364da2661108
50	http://secunia.com/advisories/33709	af854a3a-2127-422b-91ae-364da2661108
51	http://secunia.com/advisories/33710	af854a3a-2127-422b-91ae-364da2661108
52	http://secunia.com/advisories/34233	af854a3a-2127-422b-91ae-364da2661108
53	http://secunia.com/advisories/34259	af854a3a-2127-422b-91ae-364da2661108
54	http://secunia.com/advisories/34605	af854a3a-2127-422b-91ae-364da2661108
55	http://secunia.com/advisories/34889	af854a3a-2127-422b-91ae-364da2661108
56	http://secunia.com/advisories/34972	af854a3a-2127-422b-91ae-364da2661108
57	http://secunia.com/advisories/35065	af854a3a-2127-422b-91ae-364da2661108
58	http://secunia.com/advisories/37386	af854a3a-2127-422b-91ae-364da2661108
59	http://secunia.com/advisories/38539	af854a3a-2127-422b-91ae-364da2661108
60	http://security.gentoo.org/glsa/glsa-200911-02.xml	af854a3a-2127-422b-91ae-364da2661108
61	http://sunsolve.sun.com/search/document.do?assetkey=1-26-246266-1	af854a3a-2127-422b-91ae-364da2661108
62	http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm	af854a3a-2127-422b-91ae-364da2661108
63	http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=	af854a3a-2127-422b-91ae-364da2661108
64	http://www.redhat.com/support/errata/RHSA-2009-0015.html	af854a3a-2127-422b-91ae-364da2661108
65	http://www.redhat.com/support/errata/RHSA-2009-0016.html	af854a3a-2127-422b-91ae-364da2661108
66	http://www.redhat.com/support/errata/RHSA-2009-0445.html	af854a3a-2127-422b-91ae-364da2661108
67	http://www.securityfocus.com/bid/32608	af854a3a-2127-422b-91ae-364da2661108
68	http://www.securitytracker.com/id?1021310	af854a3a-2127-422b-91ae-364da2661108
69	http://www.us-cert.gov/cas/techalerts/TA08-340A.html	af854a3a-2127-422b-91ae-364da2661108
70	http://www.vupen.com/english/advisories/2008/3339	af854a3a-2127-422b-91ae-364da2661108
71	http://www.vupen.com/english/advisories/2009/0672	af854a3a-2127-422b-91ae-364da2661108
72	http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf	af854a3a-2127-422b-91ae-364da2661108
73	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6424	af854a3a-2127-422b-91ae-364da2661108
74	https://rhn.redhat.com/errata/RHSA-2009-0466.html	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:sun:jdk::update_16::::::*		5.0
cpe:2.3:a:sun:jdk::update_10::::::*		6
cpe:2.3:a:sun:jdk:5.0:update_1::::::
cpe:2.3:a:sun:jdk:5.0:update_10::::::
cpe:2.3:a:sun:jdk:5.0:update_11::::::
cpe:2.3:a:sun:jdk:5.0:update_12::::::
cpe:2.3:a:sun:jdk:5.0:update_13::::::
cpe:2.3:a:sun:jdk:5.0:update_14::::::
cpe:2.3:a:sun:jdk:5.0:update_15::::::
cpe:2.3:a:sun:jdk:5.0:update_2::::::
cpe:2.3:a:sun:jdk:5.0:update_3::::::
cpe:2.3:a:sun:jdk:5.0:update_4::::::
cpe:2.3:a:sun:jdk:5.0:update_5::::::
cpe:2.3:a:sun:jdk:5.0:update_6::::::
cpe:2.3:a:sun:jdk:5.0:update_7::::::
cpe:2.3:a:sun:jdk:5.0:update_8::::::
cpe:2.3:a:sun:jdk:5.0:update_9::::::
cpe:2.3:a:sun:jdk:6:::::::*
cpe:2.3:a:sun:jdk:6:update_1::::::
cpe:2.3:a:sun:jdk:6:update_2::::::
cpe:2.3:a:sun:jdk:6:update_3::::::
cpe:2.3:a:sun:jdk:6:update_4::::::
cpe:2.3:a:sun:jdk:6:update_5::::::
cpe:2.3:a:sun:jdk:6:update_6::::::
cpe:2.3:a:sun:jdk:6:update_7::::::
cpe:2.3:a:sun:jdk:6:update_8::::::
cpe:2.3:a:sun:jdk:6:update_9::::::
cpe:2.3:a:sun:jre::::::::		1.4.2_18
cpe:2.3:a:sun:jre::update_16::::::*		5.0
cpe:2.3:a:sun:jre::update_10::::::*		6
cpe:2.3:a:sun:jre:1.4.2_1:::::::*
cpe:2.3:a:sun:jre:1.4.2_2:::::::*
cpe:2.3:a:sun:jre:1.4.2_3:::::::*
cpe:2.3:a:sun:jre:1.4.2_4:::::::*
cpe:2.3:a:sun:jre:1.4.2_5:::::::*
cpe:2.3:a:sun:jre:1.4.2_6:::::::*
cpe:2.3:a:sun:jre:1.4.2_7:::::::*
cpe:2.3:a:sun:jre:1.4.2_8:::::::*
cpe:2.3:a:sun:jre:1.4.2_9:::::::*
cpe:2.3:a:sun:jre:1.4.2_10:::::::*
cpe:2.3:a:sun:jre:1.4.2_11:::::::*
cpe:2.3:a:sun:jre:1.4.2_12:::::::*
cpe:2.3:a:sun:jre:1.4.2_13:::::::*
cpe:2.3:a:sun:jre:1.4.2_14:::::::*
cpe:2.3:a:sun:jre:1.4.2_15:::::::*
cpe:2.3:a:sun:jre:1.4.2_16:::::::*
cpe:2.3:a:sun:jre:1.4.2_17:::::::*
cpe:2.3:a:sun:jre:5.0:::::::*
cpe:2.3:a:sun:jre:5.0:update_1::::::
cpe:2.3:a:sun:jre:5.0:update_10::::::
cpe:2.3:a:sun:jre:5.0:update_11::::::
cpe:2.3:a:sun:jre:5.0:update_12::::::
cpe:2.3:a:sun:jre:5.0:update_13::::::
cpe:2.3:a:sun:jre:5.0:update_14::::::
cpe:2.3:a:sun:jre:5.0:update_15::::::
cpe:2.3:a:sun:jre:5.0:update_2::::::
cpe:2.3:a:sun:jre:5.0:update_3::::::
cpe:2.3:a:sun:jre:5.0:update_4::::::
cpe:2.3:a:sun:jre:5.0:update_5::::::
cpe:2.3:a:sun:jre:5.0:update_6::::::
cpe:2.3:a:sun:jre:5.0:update_7::::::
cpe:2.3:a:sun:jre:5.0:update_8::::::
cpe:2.3:a:sun:jre:5.0:update_9::::::
cpe:2.3:a:sun:jre:6:::::::*
cpe:2.3:a:sun:jre:6:update_1::::::
cpe:2.3:a:sun:jre:6:update_2::::::
cpe:2.3:a:sun:jre:6:update_3::::::
cpe:2.3:a:sun:jre:6:update_4::::::
cpe:2.3:a:sun:jre:6:update_5::::::
cpe:2.3:a:sun:jre:6:update_6::::::
cpe:2.3:a:sun:jre:6:update_7::::::
cpe:2.3:a:sun:jre:6:update_8::::::
cpe:2.3:a:sun:jre:6:update_9::::::
cpe:2.3:a:sun:sdk::::::::		1.4.2_18
cpe:2.3:a:sun:sdk:1.4.2_1:::::::*
cpe:2.3:a:sun:sdk:1.4.2_2:::::::*
cpe:2.3:a:sun:sdk:1.4.2_3:::::::*
cpe:2.3:a:sun:sdk:1.4.2_4:::::::*
cpe:2.3:a:sun:sdk:1.4.2_5:::::::*
cpe:2.3:a:sun:sdk:1.4.2_6:::::::*
cpe:2.3:a:sun:sdk:1.4.2_7:::::::*
cpe:2.3:a:sun:sdk:1.4.2_8:::::::*
cpe:2.3:a:sun:sdk:1.4.2_9:::::::*
cpe:2.3:a:sun:sdk:1.4.2_10:::::::*
cpe:2.3:a:sun:sdk:1.4.2_11:::::::*
cpe:2.3:a:sun:sdk:1.4.2_12:::::::*
cpe:2.3:a:sun:sdk:1.4.2_13:::::::*
cpe:2.3:a:sun:sdk:1.4.2_14:::::::*
cpe:2.3:a:sun:sdk:1.4.2_15:::::::*
cpe:2.3:a:sun:sdk:1.4.2_16:::::::*
cpe:2.3:a:sun:sdk:1.4.2_17:::::::*