Vulnerability CVE-2008-3104 - CERT Civis.Net

Vulnerability Name:

CVE-2008-3104 (CCN-43662)

Assigned:

2008-07-08

Published:

2008-07-08

Updated:

2018-10-30

Summary:

Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-noinfo
CWE-264

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2008-3104

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-09-24

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:042

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:043

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:045

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:028

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:010

Source: BUGTRAQ
Type: UNKNOWN
20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and

Source: CCN
Type: RHSA-2008-0594
Critical: java-1.6.0-sun security update

Source: CCN
Type: RHSA-2008-0595
Critical: java-1.5.0-sun security update

Source: CCN
Type: RHSA-2008-0636
Low: Red Hat Network Satellite Server Sun Java Runtime security update

Source: CCN
Type: RHSA-2008-0638
Low: Red Hat Network Satellite Server IBM Java Runtime security update

Source: CCN
Type: RHSA-2008-0790
Critical: java-1.5.0-ibm security update

Source: CCN
Type: RHSA-2008-0906
Critical: java-1.6.0-ibm security update

Source: CCN
Type: RHSA-2008-0955
Critical: java-1.4.2-ibm security update

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0955

Source: CCN
Type: RHSA-2008-1043
Important: java-1.4.2-bea security update

Source: CCN
Type: RHSA-2008-1044
Important: java-1.5.0-bea security update

Source: CCN
Type: RHSA-2008-1045
Important: java-1.6.0-bea security update

Source: CCN
Type: SA31010
Sun Java JDK / JRE Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
31010

Source: SECUNIA
Type: UNKNOWN
31055

Source: CCN
Type: SA31269
Avaya CMS Sun Java JDK / JRE Same Origin Policy Bypass

Source: SECUNIA
Type: UNKNOWN
31269

Source: SECUNIA
Type: UNKNOWN
31320

Source: SECUNIA
Type: UNKNOWN
31497

Source: SECUNIA
Type: UNKNOWN
31600

Source: SECUNIA
Type: UNKNOWN
31736

Source: CCN
Type: SA32018
Mac OS X Java Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
32018

Source: CCN
Type: SA32179
VMware VirtualCenter Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
32179

Source: CCN
Type: SA32180
VMware ESX Server Sun Java JDK / JRE Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
32180

Source: SECUNIA
Type: UNKNOWN
32436

Source: SECUNIA
Type: UNKNOWN
32826

Source: SECUNIA
Type: UNKNOWN
33194

Source: SECUNIA
Type: UNKNOWN
33236

Source: SECUNIA
Type: UNKNOWN
33237

Source: SECUNIA
Type: UNKNOWN
33238

Source: SECUNIA
Type: UNKNOWN
35065

Source: SECUNIA
Type: UNKNOWN
37386

Source: GENTOO
Type: UNKNOWN
GLSA-200911-02

Source: CCN
Type: SECTRACK ID: 1020459
Java Runtime Environment (JRE) Bugs Let Remote Users Connect to Local Host Ports

Source: CCN
Type: Sun Alert ID: 238968
Security Vulnerabilities in the Java Runtime Environment may allow Same Origin Policy to be Bypassed

Source: SUNALERT
Type: Patch
238968

Source: CCN
Type: Apple Web site
About the security content of Java for Mac OS X 10.4, Release 7

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3178

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3179

Source: CCN
Type: ASA-2008-303
java-1.5.0-sun security update (RHSA-2008-0595)

Source: CCN
Type: ASA-2008-308
Security Vulnerabilities in the Java Runtime Environment may allow Same Origin Policy to be Bypassed (Sun 238968)

Source: CCN
Type: ASA-2008-330
java-1.5.0-ibm security update (RHSA-2008-0790)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm

Source: CCN
Type: ASA-2008-428
java-1.6.0-ibm security update (RHSA-2008-0906)

Source: CCN
Type: ASA-2008-456
java-1.4.2-ibm security update (RHSA-2008-0955)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm

Source: CCN
Type: ASA-2008-507
java-1.5.0-bea security update (RHSA-2008-1044)

Source: CCN
Type: ASA-2008-508
java-1.4.2-bea security update (RHSA-2008-1043)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm

Source: CCN
Type: ASA-2008-509
java-1.6.0-bea security update (RHSA-2008-1045)

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0594

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0595

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0790

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0906

Source: REDHAT
Type: UNKNOWN
RHSA-2008:1043

Source: REDHAT
Type: UNKNOWN
RHSA-2008:1044

Source: REDHAT
Type: UNKNOWN
RHSA-2008:1045

Source: BUGTRAQ
Type: UNKNOWN
20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues

Source: BID
Type: UNKNOWN
30140

Source: CCN
Type: BID-30140
Sun Java Runtime Environment Multiple Unspecified Same Origin Policy Violation Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1020459

Source: CERT
Type: US Government Resource
TA08-193A

Source: CCN
Type: VMSA-2008-0016
VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2008-0016.html

Source: VUPEN
Type: UNKNOWN
ADV-2008-2056

Source: VUPEN
Type: UNKNOWN
ADV-2008-2740

Source: XF
Type: UNKNOWN
sun-jre-unspecified-security-bypass(43662)

Source: XF
Type: UNKNOWN
sun-jre-unspecified-security-bypass(43662)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9565

Source: SUSE
Type: SUSE-SA:2008:042
Sun Java security update

Source: SUSE
Type: SUSE-SA:2008:045
IBM Java Security update

Source: SUSE
Type: SUSE-SR:2008:028
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2009:010
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:sun:jdk:1.5.0:update_12:*:*:*:*:*:*

OR cpe:/a:sun:jdk:5.0:update_1:*:*:*:*:*:*

OR cpe:/a:sun:jdk:5.0:update_10:*:*:*:*:*:*

OR cpe:/a:sun:jdk:5.0:update_11:*:*:*:*:*:*

OR cpe:/a:sun:jdk:5.0:update_12:*:*:*:*:*:*

OR cpe:/a:sun:jdk:5.0:update_13:*:*:*:*:*:*

OR cpe:/a:sun:jdk:5.0:update_14:*:*:*:*:*:*

OR cpe:/a:sun:jdk:*:update_15:*:*:*:*:*:* (Version <= 5.0)

OR cpe:/a:sun:jdk:5.0:update_2:*:*:*:*:*:*

OR cpe:/a:sun:jdk:5.0:update_3:*:*:*:*:*:*

OR cpe:/a:sun:jdk:5.0:update_4:*:*:*:*:*:*

OR cpe:/a:sun:jdk:5.0:update_5:*:*:*:*:*:*

OR cpe:/a:sun:jdk:5.0:update_6:*:*:*:*:*:*

OR cpe:/a:sun:jdk:5.0:update_7:*:*:*:*:*:*

OR cpe:/a:sun:jdk:5.0:update_8:*:*:*:*:*:*

OR cpe:/a:sun:jdk:5.0:update_9:*:*:*:*:*:*

OR cpe:/a:sun:jdk:6:update_1:*:*:*:*:*:*

OR cpe:/a:sun:jdk:6:update_2:*:*:*:*:*:*

OR cpe:/a:sun:jdk:6:update_3:*:*:*:*:*:*

OR cpe:/a:sun:jdk:6:update_4:*:*:*:*:*:*

OR cpe:/a:sun:jdk:6:update_5:*:*:*:*:*:*

OR cpe:/a:sun:jdk:*:update_6:*:*:*:*:*:* (Version <= 6)

OR cpe:/a:sun:jre:1.3.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:-:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update16:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update18:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update19:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update20:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_02:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_03:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_04:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_05:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_06:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_07:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_08:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_09:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_10:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_11:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_12:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_13:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_14:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_15:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_17:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_21:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_22:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_1:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_2:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_3:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_4:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_5:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_6:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_7:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_8:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_9:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_10:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_11:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_12:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_13:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_14:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_15:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_16:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_17:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.0:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:sun:jre:1.3.1:-:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2:*:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update10:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update11:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update12:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update6:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update7:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update8:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update9:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update15:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update16:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update18:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update19:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update20:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update4:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update8:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update1:linux:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update2:linux:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update3:linux:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update4:linux:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update5:linux:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.0:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update15:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update17:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update6:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update14:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update16:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update12:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update17:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update13:*:*:*:*:*:*

AND

cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*

OR cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*

OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.6:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.7:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:5.5.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.9:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:6.0:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*

OR cpe:/a:vmware:ace:2.0:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

OR cpe:/a:vmware:ace:1.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:ace:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:vmware:server:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:5.5:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:5.5.3:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:5.5.4:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*

OR cpe:/a:vmware:ace:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:vmware:ace:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:ace:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:vmware:esx_server:3.5:*:*:*:*:*:*:*

OR cpe:/a:vmware:server:1.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:5.5.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:5.5.2:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:5.5.5:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:5.5.6:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:6.0.3:*:*:*:*:*:*:*

OR cpe:/a:vmware:ace:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:ace:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:vmware:ace:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:vmware:ace:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:vmware:server:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:vmware:server:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:vmware:server:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:vmware:server:1.0.5:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*

OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*

OR cpe:/a:vmware:esx_server:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:vmware:server:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:5.5.7:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:6.0.4:*:*:*:*:*:*:*

OR cpe:/a:vmware:ace:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:vmware:ace:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:vmware:virtualcenter:2.5:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20083104	V	CVE-2008-3104	2022-05-20
oval:org.opensuse.security:def:31750	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:31701	P	Security update for pcre (Moderate)	2021-11-10
oval:org.opensuse.security:def:42127	P	Security update for glibc (Moderate)	2021-10-12
oval:org.opensuse.security:def:31274	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-09-23
oval:org.opensuse.security:def:31253	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:31645	P	Security update for ovmf (Important)	2021-06-22
oval:org.opensuse.security:def:31642	P	Security update for webkit2gtk3 (Important)	2021-06-17
oval:org.opensuse.security:def:31200	P	Security update for java-1_8_0-openjdk (Moderate)	2021-06-15
oval:org.opensuse.security:def:31188	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:31189	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:26047	P	Security update for xen (Important)	2021-05-12
oval:org.opensuse.security:def:31345	P	Security update for krb5-appl (Important)	2021-02-19
oval:org.opensuse.security:def:32008	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:41974	P	java-1_4_2-ibm-1.4.2_sr13.3-1.1.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35567	P	java-1_4_2-ibm-1.4.2_sr13.3-1.1.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35720	P	java-1_4_2-ibm-1.4.2_sr13.10-0.4.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25283	P	Security update for SUSE Manager Client Tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:25950	P	Security update for evince (Important)	2020-12-01
oval:org.opensuse.security:def:31035	P	Security update for jpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:31555	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32646	P	curl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25403	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25894	P	Security update for gstreamer-0_10-plugins-bad (Moderate)	2020-12-01
oval:org.opensuse.security:def:25347	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25989	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31036	P	Security update for kdebase4-workspace	2020-12-01
oval:org.opensuse.security:def:32685	P	java-1_4_2-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25460	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:26532	P	cron on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25475	P	Security update for libssh (Important)	2020-12-01
oval:org.opensuse.security:def:26003	P	Security update for yaml-cpp (Moderate)	2020-12-01
oval:org.opensuse.security:def:31047	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31798	P	Security update for OpenEXR (Moderate)	2020-12-01
oval:org.opensuse.security:def:25544	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26567	P	java-1_4_2-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25556	P	Security update for ntp (Moderate)	2020-12-01
oval:org.opensuse.security:def:31121	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31789	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:31854	P	Security update for cracklib (Moderate)	2020-12-01
oval:org.opensuse.security:def:25118	P	Security update for lftp (Moderate)	2020-12-01
oval:org.opensuse.security:def:25695	P	Security update for gcc9 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25613	P	Security update for libsolv (Moderate)	2020-12-01
oval:org.opensuse.security:def:26685	P	dhcp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31811	P	Security update for apache2 (Important)	2020-12-01
oval:org.opensuse.security:def:31903	P	Security update for fontconfig (Low)	2020-12-01
oval:org.opensuse.security:def:25119	P	Security update for libssh2_org (Moderate)	2020-12-01
oval:org.opensuse.security:def:25748	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25697	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:26720	P	java-1_4_2-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31855	P	Security update for crash (Low)	2020-12-01
oval:org.opensuse.security:def:31942	P	Security update for gnome-session (Moderate)	2020-12-01
oval:org.opensuse.security:def:25130	P	Security update for ntp (Moderate)	2020-12-01
oval:org.opensuse.security:def:25797	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:25271	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25848	P	Security update for flex, at, bogofilter, cyrus-imapd, kdelibs4, libQtWebKit4, libbonobo, mdbtools, netpbm, openslp, sgmltool, virtuoso, libqt5-qtwebkit (Moderate)	2020-12-01
oval:org.opensuse.security:def:31402	P	Security update for perl-DBD-mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:32493	P	bzip2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31406	P	Security update for perl-PlRPC (Moderate)	2020-12-01
oval:org.opensuse.security:def:31964	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:25194	P	Security update for adns (Important)	2020-12-01
oval:org.opensuse.security:def:25836	P	Security update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:25272	P	Security update for vino (Moderate)	2020-12-01
oval:org.opensuse.security:def:25901	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:31489	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:32532	P	java-1_4_2-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31498	P	Security update for python-numpy (Important)	2020-12-01
oval:org.opensuse.security:def:25322	P	Security update for tigervnc (Critical)	2020-12-01
oval:org.opensuse.security:def:25850	P	Security update for libreoffice (Low)	2020-12-01
oval:org.mitre.oval:def:22389	P	ELSA-2008:0594: java-1.6.0-sun security update (Critical)	2014-05-26
oval:org.mitre.oval:def:22640	P	ELSA-2008:0595: java-1.5.0-sun security update (Critical)	2014-05-26
oval:org.mitre.oval:def:22662	P	ELSA-2008:0790: java-1.5.0-ibm security update (Critical)	2014-05-26
oval:org.mitre.oval:def:22274	P	ELSA-2008:0906: java-1.6.0-ibm security update (Critical)	2014-05-26
oval:org.mitre.oval:def:22711	P	ELSA-2008:0955: java-1.4.2-ibm security update (Critical)	2014-05-26
oval:org.mitre.oval:def:9565	V	Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet.	2010-09-06
oval:com.redhat.rhsa:def:20080955	P	RHSA-2008:0955: java-1.4.2-ibm security update (Critical)	2008-11-25
oval:com.redhat.rhsa:def:20080906	P	RHSA-2008:0906: java-1.6.0-ibm security update (Critical)	2008-10-24
oval:com.redhat.rhsa:def:20080790	P	RHSA-2008:0790: java-1.5.0-ibm security update (Critical)	2008-07-31
oval:com.redhat.rhsa:def:20080594	P	RHSA-2008:0594: java-1.6.0-sun security update (Critical)	2008-07-14
oval:com.redhat.rhsa:def:20080595	P	RHSA-2008:0595: java-1.5.0-sun security update (Critical)	2008-07-14