Vulnerability CVE-2008-1191

Vulnerability Name:

CVE-2008-1191 (CCN-41136)

Assigned:

2008-03-04

Published:

2008-03-04

Updated:

2017-09-29

Summary:

Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190, aka "The fifth issue."

CVSS v3 Severity:

4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.0 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
4.4 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2008-1191

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-09-24

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:018

Source: CCN
Type: RHSA-2008-0186
Critical: java-1.5.0-sun security update

Source: CCN
Type: RHSA-2008-0267
Critical: java-1.6.0-ibm security update

Source: CCN
Type: SA29239
Sun Java JDK / JRE Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
29239

Source: SECUNIA
Type: Vendor Advisory
29273

Source: SECUNIA
Type: Vendor Advisory
29582

Source: SECUNIA
Type: Vendor Advisory
29858

Source: CCN
Type: SA30676
VMware ESX Server update for Tomcat and Java JRE

Source: SECUNIA
Type: Vendor Advisory
30676

Source: SECUNIA
Type: Vendor Advisory
30780

Source: CCN
Type: SA32018
Mac OS X Java Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
32018

Source: GENTOO
Type: UNKNOWN
GLSA-200804-28

Source: CCN
Type: SECTRACK ID: 1019549
Java Web Start Buffer Overflows and Other Bugs Let Remote Users Read/Write Files and Execute Applications on the Target User's System

Source: SUNALERT
Type: Patch, Vendor Advisory
233323

Source: CCN
Type: Sun Alert ID: 233323
Multiple Security Vulnerabilities in Java Web Start May Allow an Untrusted Application to Elevate Privileges

Source: CCN
Type: Apple Web site
About the security content of Java for Mac OS X 10.4, Release 7

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3178

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3179

Source: CCN
Type: ASA-2008-113
java-1.5.0-sun security update (RHSA-2008-0186)

Source: CCN
Type: NORTEL BULLETIN ID: 2008008808, Rev 1
Nortel response to Sun Java JDK / JRE Multiple Vulnerabilities

Source: CCN
Type: GLSA 200804-28
JRockit: Multiple vulnerabilities

Source: CCN
Type: GLSA-200804-20
Sun JDK/JRE: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200804-20

Source: GENTOO
Type: UNKNOWN
GLSA-200806-11

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0186

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0267

Source: CCN
Type: BID-28083
Sun Java SE Multiple Security Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1019549

Source: CERT
Type: US Government Resource
TA08-066A

Source: CCN
Type: VMSA-2008-0010
Updated Tomcat and Java JRE packages for VMware ESX 3.5

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2008-0010.html

Source: VUPEN
Type: Vendor Advisory
ADV-2008-0770

Source: VUPEN
Type: Vendor Advisory
ADV-2008-1856

Source: XF
Type: UNKNOWN
javawebstart-application-priv-escalation(41029)

Source: XF
Type: UNKNOWN
javawebstart-unspecified-priv-escalation(41136)

Source: XF
Type: UNKNOWN
javawebstart-unspecified-priv-escalation(41136)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10167

Source: CCN
Type: IBM Security Bulletin 6551876 (Cloud Pak for Security)
Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

Source: SUSE
Type: SUSE-SA:2008:018
Sun Java Security Update

Vulnerable Configuration:

Configuration 1:

cpe:/a:sun:jdk:*:*:*:*:*:*:*:* (Version <= 6_update_4)

OR cpe:/a:sun:jre:*:*:*:*:*:*:*:* (Version <= 6_update_4)

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:sun:jre:1.6.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_3:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update4:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:-:*:*:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:-:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*

OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*

OR cpe:/o:novell:suse_linux_enterprise_server:10:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*

OR cpe:/o:suse:novell_linux_pos:9:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:-:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*

OR cpe:/a:vmware:esx_server:3.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:42329	P	Security update for dwarves and elfutils (Moderate)	2022-08-01
oval:org.opensuse.security:def:20081191	V	CVE-2008-1191	2022-05-20
oval:org.opensuse.security:def:31756	P	Security update for apache2 (Important)	2022-01-12
oval:org.opensuse.security:def:31751	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:31702	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:31699	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:32209	P	Security update for postgresql10 (Important)	2021-10-20
oval:org.opensuse.security:def:26151	P	Security update for python3 (Moderate)	2021-10-20
oval:org.opensuse.security:def:42128	P	Security update for rpm (Important)	2021-10-15
oval:org.opensuse.security:def:31275	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-09-23
oval:org.opensuse.security:def:31254	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:32165	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:26102	P	Security update for php72 (Important)	2021-08-06
oval:org.opensuse.security:def:32143	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:31646	P	Security update for libnettle (Important)	2021-06-23
oval:org.opensuse.security:def:31643	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:31190	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:31189	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:32104	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:26049	P	Security update for lz4 (Important)	2021-05-14
oval:org.opensuse.security:def:26048	P	Security update for the Linux Kernel (Important)	2021-05-13
oval:org.opensuse.security:def:31607	P	Security update for qemu (Important)	2021-04-16
oval:org.opensuse.security:def:26204	P	Security update for freeradius-server (Low)	2021-03-04
oval:org.opensuse.security:def:31346	P	Security update for java-1_8_0-openjdk (Moderate)	2021-02-19
oval:org.opensuse.security:def:26190	P	Security update for MozillaFirefox (Low)	2021-02-10
oval:org.opensuse.security:def:31201	P	Security update for ImageMagick (Important)	2021-01-22
oval:org.opensuse.security:def:32009	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:41975	P	java-1_6_0-ibm-1.6.0_sr7.0-1.6.21 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35568	P	java-1_6_0-ibm-1.6.0_sr7.0-1.6.21 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35721	P	java-1_6_0-ibm-1.6.0_sr9.3-0.4.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35922	P	java-1_6_0-ibm-1.6.0_sr13.1-0.9.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31401	P	Security update for perl-DBD-mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:25849	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:31856	P	Security update for cups (Moderate)	2020-12-01
oval:org.opensuse.security:def:25545	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31036	P	Security update for kdebase4-workspace	2020-12-01
oval:org.opensuse.security:def:25990	P	Security update for libvpx (Moderate)	2020-12-01
oval:org.opensuse.security:def:31407	P	Security update for perl-XML-LibXML (Important)	2020-12-01
oval:org.opensuse.security:def:25798	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:26921	P	java-1_6_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31122	P	Security update for kvm	2020-12-01
oval:org.opensuse.security:def:31999	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:26686	P	dhcpcd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25484	P	Security update for libqt4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25895	P	Security update for pcsc-lite (Moderate)	2020-12-01
oval:org.opensuse.security:def:25273	P	Security update for ceph (Important)	2020-12-01
oval:org.opensuse.security:def:31403	P	Security update for perl-DBD-mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:25119	P	Security update for libssh2_org (Moderate)	2020-12-01
oval:org.opensuse.security:def:25757	P	Security update for flash-player (Moderate)	2020-12-01
oval:org.opensuse.security:def:31904	P	Security update for foomatic-filters (Moderate)	2020-12-01
oval:org.opensuse.security:def:25476	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:32847	P	dbus-1-glib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25195	P	Security update for audiofile (Low)	2020-12-01
oval:org.opensuse.security:def:31390	P	Security update for pam	2020-12-01
oval:org.opensuse.security:def:25698	P	Security update for dpdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:31812	P	Security update for apache2 (Important)	2020-12-01
oval:org.opensuse.security:def:25461	P	Security update for cpio (Moderate)	2020-12-01
oval:org.opensuse.security:def:25951	P	Security update for pcsc-lite (Moderate)	2020-12-01
oval:org.opensuse.security:def:32533	P	java-1_6_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25749	P	Security update for pidgin (Moderate)	2020-12-01
oval:org.opensuse.security:def:26886	P	ecryptfs-utils-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31048	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31843	P	Security update for cairo (Moderate)	2020-12-01
oval:org.opensuse.security:def:25473	P	Security update for strongswan (Important)	2020-12-01
oval:org.opensuse.security:def:31556	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:25851	P	Security update for freerdp (Moderate)	2020-12-01
oval:org.opensuse.security:def:25272	P	Security update for vino (Moderate)	2020-12-01
oval:org.opensuse.security:def:25676	P	Security update for postgresql, postgresql96, postgresql10 and postgresql12 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31855	P	Security update for crash (Low)	2020-12-01
oval:org.opensuse.security:def:26568	P	java-1_6_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25348	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:25131	P	Security update for bash (Important)	2020-12-01
oval:org.opensuse.security:def:25898	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31965	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:31389	P	Security update for orca (Moderate)	2020-12-01
oval:org.opensuse.security:def:25614	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:31790	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:25404	P	Security update for spice (Moderate)	2020-12-01
oval:org.opensuse.security:def:32686	P	java-1_6_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31475	P	Security update for procps (Moderate)	2020-12-01
oval:org.opensuse.security:def:25902	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32494	P	cifs-mount on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25696	P	Security update for sudo (Important)	2020-12-01
oval:org.opensuse.security:def:26248	P	Security update for freerdp (Moderate)	2020-12-01
oval:org.opensuse.security:def:31037	P	Security update for kdebase4-runtime	2020-12-01
oval:org.opensuse.security:def:26004	P	Security update for shotwell (Moderate)	2020-12-01
oval:org.opensuse.security:def:25472	P	Security update for apache2-mod_perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:31499	P	Security update for python-paramiko (Important)	2020-12-01
oval:org.opensuse.security:def:25837	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:32055	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:26721	P	java-1_6_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25548	P	Security update for ceph (Important)	2020-12-01
oval:org.opensuse.security:def:31799	P	Security update for SDL (Moderate)	2020-12-01
oval:org.opensuse.security:def:26533	P	cups on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25284	P	Security update for xrdp (Important)	2020-12-01
oval:org.opensuse.security:def:31490	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:25120	P	Security update for openwsman (Important)	2020-12-01
oval:org.opensuse.security:def:25814	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:31943	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:25557	P	Security update for transfig (Low)	2020-12-01
oval:org.opensuse.security:def:32886	P	java-1_6_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25323	P	Security update for libproxy (Important)	2020-12-01
oval:org.opensuse.security:def:32647	P	cyrus-imapd on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:22208	P	ELSA-2008:0267: java-1.6.0-ibm security update (Critical)	2014-05-26
oval:org.mitre.oval:def:10167	V	Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190, aka "The fifth issue."	2010-09-06
oval:com.redhat.rhsa:def:20080267	P	RHSA-2008:0267: java-1.6.0-ibm security update (Critical)	2008-05-19

BACK