NVD脆弱性詳細

CVE-2008-5344

概要	Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217.
概要	Vulnerabilidad no especificada en Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE 5.0 Update 16 y anteriores; y en SDK y JRE 1.4.2_18 y anteriores permite a applets no confiables leer ficheros de su elección y realizarz conexiones de red no autorizadas mediante vectores desconocidos relacionados con el cargador de la clase "applet".
公表日	2008年12月5日20:30
登録日	2021年1月29日13:46
最終更新日	2026年4月23日9:35

CVSS2.0 : HIGH
スコア	7.5
ベクター	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	はい
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:sun:jdk::update_16::::::*		5.0
cpe:2.3:a:sun:jdk::update_10::::::*		6
cpe:2.3:a:sun:jdk:5.0:update_1::::::
cpe:2.3:a:sun:jdk:5.0:update_10::::::
cpe:2.3:a:sun:jdk:5.0:update_11::::::
cpe:2.3:a:sun:jdk:5.0:update_12::::::
cpe:2.3:a:sun:jdk:5.0:update_13::::::
cpe:2.3:a:sun:jdk:5.0:update_14::::::
cpe:2.3:a:sun:jdk:5.0:update_15::::::
cpe:2.3:a:sun:jdk:5.0:update_2::::::
cpe:2.3:a:sun:jdk:5.0:update_3::::::
cpe:2.3:a:sun:jdk:5.0:update_4::::::
cpe:2.3:a:sun:jdk:5.0:update_5::::::
cpe:2.3:a:sun:jdk:5.0:update_6::::::
cpe:2.3:a:sun:jdk:5.0:update_7::::::
cpe:2.3:a:sun:jdk:5.0:update_8::::::
cpe:2.3:a:sun:jdk:5.0:update_9::::::
cpe:2.3:a:sun:jdk:6:::::::*
cpe:2.3:a:sun:jdk:6:update_1::::::
cpe:2.3:a:sun:jdk:6:update_2::::::
cpe:2.3:a:sun:jdk:6:update_3::::::
cpe:2.3:a:sun:jdk:6:update_4::::::
cpe:2.3:a:sun:jdk:6:update_5::::::
cpe:2.3:a:sun:jdk:6:update_6::::::
cpe:2.3:a:sun:jdk:6:update_7::::::
cpe:2.3:a:sun:jdk:6:update_8::::::
cpe:2.3:a:sun:jdk:6:update_9::::::
cpe:2.3:a:sun:jre::::::::		1.4.2_18
cpe:2.3:a:sun:jre::update_16::::::*		5.0
cpe:2.3:a:sun:jre::update_10::::::*		6
cpe:2.3:a:sun:jre:1.4.2_1:::::::*
cpe:2.3:a:sun:jre:1.4.2_2:::::::*
cpe:2.3:a:sun:jre:1.4.2_3:::::::*
cpe:2.3:a:sun:jre:1.4.2_4:::::::*
cpe:2.3:a:sun:jre:1.4.2_5:::::::*
cpe:2.3:a:sun:jre:1.4.2_6:::::::*
cpe:2.3:a:sun:jre:1.4.2_7:::::::*
cpe:2.3:a:sun:jre:1.4.2_8:::::::*
cpe:2.3:a:sun:jre:1.4.2_9:::::::*
cpe:2.3:a:sun:jre:1.4.2_10:::::::*
cpe:2.3:a:sun:jre:1.4.2_11:::::::*
cpe:2.3:a:sun:jre:1.4.2_12:::::::*
cpe:2.3:a:sun:jre:1.4.2_13:::::::*
cpe:2.3:a:sun:jre:1.4.2_14:::::::*
cpe:2.3:a:sun:jre:1.4.2_15:::::::*
cpe:2.3:a:sun:jre:1.4.2_16:::::::*
cpe:2.3:a:sun:jre:1.4.2_17:::::::*
cpe:2.3:a:sun:jre:5.0:::::::*
cpe:2.3:a:sun:jre:5.0:update_1::::::
cpe:2.3:a:sun:jre:5.0:update_10::::::
cpe:2.3:a:sun:jre:5.0:update_11::::::
cpe:2.3:a:sun:jre:5.0:update_12::::::
cpe:2.3:a:sun:jre:5.0:update_13::::::
cpe:2.3:a:sun:jre:5.0:update_14::::::
cpe:2.3:a:sun:jre:5.0:update_15::::::
cpe:2.3:a:sun:jre:5.0:update_2::::::
cpe:2.3:a:sun:jre:5.0:update_3::::::
cpe:2.3:a:sun:jre:5.0:update_4::::::
cpe:2.3:a:sun:jre:5.0:update_5::::::
cpe:2.3:a:sun:jre:5.0:update_6::::::
cpe:2.3:a:sun:jre:5.0:update_7::::::
cpe:2.3:a:sun:jre:5.0:update_8::::::
cpe:2.3:a:sun:jre:5.0:update_9::::::
cpe:2.3:a:sun:jre:6:::::::*
cpe:2.3:a:sun:jre:6:update_1::::::
cpe:2.3:a:sun:jre:6:update_2::::::
cpe:2.3:a:sun:jre:6:update_3::::::
cpe:2.3:a:sun:jre:6:update_4::::::
cpe:2.3:a:sun:jre:6:update_5::::::
cpe:2.3:a:sun:jre:6:update_6::::::
cpe:2.3:a:sun:jre:6:update_7::::::
cpe:2.3:a:sun:jre:6:update_8::::::
cpe:2.3:a:sun:jre:6:update_9::::::
cpe:2.3:a:sun:sdk::::::::		1.4.2_18
cpe:2.3:a:sun:sdk:1.4.2_1:::::::*
cpe:2.3:a:sun:sdk:1.4.2_2:::::::*
cpe:2.3:a:sun:sdk:1.4.2_3:::::::*
cpe:2.3:a:sun:sdk:1.4.2_4:::::::*
cpe:2.3:a:sun:sdk:1.4.2_5:::::::*
cpe:2.3:a:sun:sdk:1.4.2_6:::::::*
cpe:2.3:a:sun:sdk:1.4.2_7:::::::*
cpe:2.3:a:sun:sdk:1.4.2_8:::::::*
cpe:2.3:a:sun:sdk:1.4.2_9:::::::*
cpe:2.3:a:sun:sdk:1.4.2_10:::::::*
cpe:2.3:a:sun:sdk:1.4.2_11:::::::*
cpe:2.3:a:sun:sdk:1.4.2_12:::::::*
cpe:2.3:a:sun:sdk:1.4.2_13:::::::*
cpe:2.3:a:sun:sdk:1.4.2_14:::::::*
cpe:2.3:a:sun:sdk:1.4.2_15:::::::*
cpe:2.3:a:sun:sdk:1.4.2_16:::::::*
cpe:2.3:a:sun:sdk:1.4.2_17:::::::*

関連情報、対策とツール

No	URL	refsource
1	http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html	cve@mitre.org
2	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html	cve@mitre.org
3	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html	cve@mitre.org
4	http://marc.info/?l=bugtraq&m=123678756409861&w=2	cve@mitre.org
5	http://marc.info/?l=bugtraq&m=126583436323697&w=2	cve@mitre.org
6	http://osvdb.org/50513	cve@mitre.org
7	http://rhn.redhat.com/errata/RHSA-2008-1018.html	cve@mitre.org
8	http://rhn.redhat.com/errata/RHSA-2008-1025.html	cve@mitre.org
9	http://secunia.com/advisories/32991	cve@mitre.org
10	http://secunia.com/advisories/33015	cve@mitre.org
11	http://secunia.com/advisories/33528	cve@mitre.org
12	http://secunia.com/advisories/33710	cve@mitre.org
13	http://secunia.com/advisories/34233	cve@mitre.org
14	http://secunia.com/advisories/34605	cve@mitre.org
15	http://secunia.com/advisories/34889	cve@mitre.org
16	http://secunia.com/advisories/35065	cve@mitre.org
17	http://secunia.com/advisories/37386	cve@mitre.org
18	http://secunia.com/advisories/38539	cve@mitre.org
19	http://security.gentoo.org/glsa/glsa-200911-02.xml	cve@mitre.org
20	http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1	cve@mitre.org
21	http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm	cve@mitre.org
22	http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm	cve@mitre.org
23	http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=	cve@mitre.org
24	http://www.redhat.com/support/errata/RHSA-2009-0015.html	cve@mitre.org
25	http://www.redhat.com/support/errata/RHSA-2009-0016.html	cve@mitre.org
26	http://www.redhat.com/support/errata/RHSA-2009-0445.html	cve@mitre.org
27	http://www.us-cert.gov/cas/techalerts/TA08-340A.html	cve@mitre.org
28	http://www.vupen.com/english/advisories/2008/3339	cve@mitre.org
29	http://www.vupen.com/english/advisories/2009/0672	cve@mitre.org
30	http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf	cve@mitre.org
31	https://exchange.xforce.ibmcloud.com/vulnerabilities/47057	cve@mitre.org
32	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6249	cve@mitre.org
33	http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html	af854a3a-2127-422b-91ae-364da2661108
34	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html	af854a3a-2127-422b-91ae-364da2661108
35	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html	af854a3a-2127-422b-91ae-364da2661108
36	http://marc.info/?l=bugtraq&m=123678756409861&w=2	af854a3a-2127-422b-91ae-364da2661108
37	http://marc.info/?l=bugtraq&m=126583436323697&w=2	af854a3a-2127-422b-91ae-364da2661108
38	http://osvdb.org/50513	af854a3a-2127-422b-91ae-364da2661108
39	http://rhn.redhat.com/errata/RHSA-2008-1018.html	af854a3a-2127-422b-91ae-364da2661108
40	http://rhn.redhat.com/errata/RHSA-2008-1025.html	af854a3a-2127-422b-91ae-364da2661108
41	http://secunia.com/advisories/32991	af854a3a-2127-422b-91ae-364da2661108
42	http://secunia.com/advisories/33015	af854a3a-2127-422b-91ae-364da2661108
43	http://secunia.com/advisories/33528	af854a3a-2127-422b-91ae-364da2661108
44	http://secunia.com/advisories/33710	af854a3a-2127-422b-91ae-364da2661108
45	http://secunia.com/advisories/34233	af854a3a-2127-422b-91ae-364da2661108
46	http://secunia.com/advisories/34605	af854a3a-2127-422b-91ae-364da2661108
47	http://secunia.com/advisories/34889	af854a3a-2127-422b-91ae-364da2661108
48	http://secunia.com/advisories/35065	af854a3a-2127-422b-91ae-364da2661108
49	http://secunia.com/advisories/37386	af854a3a-2127-422b-91ae-364da2661108
50	http://secunia.com/advisories/38539	af854a3a-2127-422b-91ae-364da2661108
51	http://security.gentoo.org/glsa/glsa-200911-02.xml	af854a3a-2127-422b-91ae-364da2661108
52	http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1	af854a3a-2127-422b-91ae-364da2661108
53	http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm	af854a3a-2127-422b-91ae-364da2661108
54	http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm	af854a3a-2127-422b-91ae-364da2661108
55	http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=	af854a3a-2127-422b-91ae-364da2661108
56	http://www.redhat.com/support/errata/RHSA-2009-0015.html	af854a3a-2127-422b-91ae-364da2661108
57	http://www.redhat.com/support/errata/RHSA-2009-0016.html	af854a3a-2127-422b-91ae-364da2661108
58	http://www.redhat.com/support/errata/RHSA-2009-0445.html	af854a3a-2127-422b-91ae-364da2661108
59	http://www.us-cert.gov/cas/techalerts/TA08-340A.html	af854a3a-2127-422b-91ae-364da2661108
60	http://www.vupen.com/english/advisories/2008/3339	af854a3a-2127-422b-91ae-364da2661108
61	http://www.vupen.com/english/advisories/2009/0672	af854a3a-2127-422b-91ae-364da2661108
62	http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf	af854a3a-2127-422b-91ae-364da2661108
63	https://exchange.xforce.ibmcloud.com/vulnerabilities/47057	af854a3a-2127-422b-91ae-364da2661108
64	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6249	af854a3a-2127-422b-91ae-364da2661108

共通脆弱性一覧

構成1	以上	以下	より上	未満
cpe:2.3:a:sun:jdk::update_16::::::*		5.0
cpe:2.3:a:sun:jdk::update_10::::::*		6
cpe:2.3:a:sun:jdk:5.0:update_1::::::
cpe:2.3:a:sun:jdk:5.0:update_10::::::
cpe:2.3:a:sun:jdk:5.0:update_11::::::
cpe:2.3:a:sun:jdk:5.0:update_12::::::
cpe:2.3:a:sun:jdk:5.0:update_13::::::
cpe:2.3:a:sun:jdk:5.0:update_14::::::
cpe:2.3:a:sun:jdk:5.0:update_15::::::
cpe:2.3:a:sun:jdk:5.0:update_2::::::
cpe:2.3:a:sun:jdk:5.0:update_3::::::
cpe:2.3:a:sun:jdk:5.0:update_4::::::
cpe:2.3:a:sun:jdk:5.0:update_5::::::
cpe:2.3:a:sun:jdk:5.0:update_6::::::
cpe:2.3:a:sun:jdk:5.0:update_7::::::
cpe:2.3:a:sun:jdk:5.0:update_8::::::
cpe:2.3:a:sun:jdk:5.0:update_9::::::
cpe:2.3:a:sun:jdk:6:::::::*
cpe:2.3:a:sun:jdk:6:update_1::::::
cpe:2.3:a:sun:jdk:6:update_2::::::
cpe:2.3:a:sun:jdk:6:update_3::::::
cpe:2.3:a:sun:jdk:6:update_4::::::
cpe:2.3:a:sun:jdk:6:update_5::::::
cpe:2.3:a:sun:jdk:6:update_6::::::
cpe:2.3:a:sun:jdk:6:update_7::::::
cpe:2.3:a:sun:jdk:6:update_8::::::
cpe:2.3:a:sun:jdk:6:update_9::::::
cpe:2.3:a:sun:jre::::::::		1.4.2_18
cpe:2.3:a:sun:jre::update_16::::::*		5.0
cpe:2.3:a:sun:jre::update_10::::::*		6
cpe:2.3:a:sun:jre:1.4.2_1:::::::*
cpe:2.3:a:sun:jre:1.4.2_2:::::::*
cpe:2.3:a:sun:jre:1.4.2_3:::::::*
cpe:2.3:a:sun:jre:1.4.2_4:::::::*
cpe:2.3:a:sun:jre:1.4.2_5:::::::*
cpe:2.3:a:sun:jre:1.4.2_6:::::::*
cpe:2.3:a:sun:jre:1.4.2_7:::::::*
cpe:2.3:a:sun:jre:1.4.2_8:::::::*
cpe:2.3:a:sun:jre:1.4.2_9:::::::*
cpe:2.3:a:sun:jre:1.4.2_10:::::::*
cpe:2.3:a:sun:jre:1.4.2_11:::::::*
cpe:2.3:a:sun:jre:1.4.2_12:::::::*
cpe:2.3:a:sun:jre:1.4.2_13:::::::*
cpe:2.3:a:sun:jre:1.4.2_14:::::::*
cpe:2.3:a:sun:jre:1.4.2_15:::::::*
cpe:2.3:a:sun:jre:1.4.2_16:::::::*
cpe:2.3:a:sun:jre:1.4.2_17:::::::*
cpe:2.3:a:sun:jre:5.0:::::::*
cpe:2.3:a:sun:jre:5.0:update_1::::::
cpe:2.3:a:sun:jre:5.0:update_10::::::
cpe:2.3:a:sun:jre:5.0:update_11::::::
cpe:2.3:a:sun:jre:5.0:update_12::::::
cpe:2.3:a:sun:jre:5.0:update_13::::::
cpe:2.3:a:sun:jre:5.0:update_14::::::
cpe:2.3:a:sun:jre:5.0:update_15::::::
cpe:2.3:a:sun:jre:5.0:update_2::::::
cpe:2.3:a:sun:jre:5.0:update_3::::::
cpe:2.3:a:sun:jre:5.0:update_4::::::
cpe:2.3:a:sun:jre:5.0:update_5::::::
cpe:2.3:a:sun:jre:5.0:update_6::::::
cpe:2.3:a:sun:jre:5.0:update_7::::::
cpe:2.3:a:sun:jre:5.0:update_8::::::
cpe:2.3:a:sun:jre:5.0:update_9::::::
cpe:2.3:a:sun:jre:6:::::::*
cpe:2.3:a:sun:jre:6:update_1::::::
cpe:2.3:a:sun:jre:6:update_2::::::
cpe:2.3:a:sun:jre:6:update_3::::::
cpe:2.3:a:sun:jre:6:update_4::::::
cpe:2.3:a:sun:jre:6:update_5::::::
cpe:2.3:a:sun:jre:6:update_6::::::
cpe:2.3:a:sun:jre:6:update_7::::::
cpe:2.3:a:sun:jre:6:update_8::::::
cpe:2.3:a:sun:jre:6:update_9::::::
cpe:2.3:a:sun:sdk::::::::		1.4.2_18
cpe:2.3:a:sun:sdk:1.4.2_1:::::::*
cpe:2.3:a:sun:sdk:1.4.2_2:::::::*
cpe:2.3:a:sun:sdk:1.4.2_3:::::::*
cpe:2.3:a:sun:sdk:1.4.2_4:::::::*
cpe:2.3:a:sun:sdk:1.4.2_5:::::::*
cpe:2.3:a:sun:sdk:1.4.2_6:::::::*
cpe:2.3:a:sun:sdk:1.4.2_7:::::::*
cpe:2.3:a:sun:sdk:1.4.2_8:::::::*
cpe:2.3:a:sun:sdk:1.4.2_9:::::::*
cpe:2.3:a:sun:sdk:1.4.2_10:::::::*
cpe:2.3:a:sun:sdk:1.4.2_11:::::::*
cpe:2.3:a:sun:sdk:1.4.2_12:::::::*
cpe:2.3:a:sun:sdk:1.4.2_13:::::::*
cpe:2.3:a:sun:sdk:1.4.2_14:::::::*
cpe:2.3:a:sun:sdk:1.4.2_15:::::::*
cpe:2.3:a:sun:sdk:1.4.2_16:::::::*
cpe:2.3:a:sun:sdk:1.4.2_17:::::::*