|
|
CVE Reference: CVE-2008-5355 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-5355 |
|
|
Description: The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. |
|
|
CVE Status: Candidate |
|
|
References: SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-244989-1 ST 1021315 SAID Secunia Advisory: SA37386 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5664 OSVDB 50498 GENTOO http://security.gentoo.org/glsa/glsa-200911-02.xml CONFIRM http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid= CERT http://www.us-cert.gov/cas/techalerts/TA08-340A.html |
|
| Return to the previous page. |
