Vulnerability Name:

CVE-2008-3105 (CCN-43657)

Assigned:2008-07-08
Published:2008-07-08
Updated:2018-10-11
Summary:Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:8.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C)
6.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Complete
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-264
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2008-3105

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-09-24

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:042

Source: BUGTRAQ
Type: UNKNOWN
20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and

Source: CCN
Type: RHSA-2008-0594
Critical: java-1.6.0-sun security update

Source: CCN
Type: RHSA-2008-0906
Critical: java-1.6.0-ibm security update

Source: CCN
Type: RHSA-2008-1044
Important: java-1.5.0-bea security update

Source: CCN
Type: RHSA-2008-1045
Important: java-1.6.0-bea security update

Source: CCN
Type: SA31010
Sun Java JDK / JRE Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
31010

Source: SECUNIA
Type: UNKNOWN
31600

Source: CCN
Type: SA32018
Mac OS X Java Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
32018

Source: CCN
Type: SA32179
VMware VirtualCenter Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
32179

Source: CCN
Type: SA32180
VMware ESX Server Sun Java JDK / JRE Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
32180

Source: SECUNIA
Type: UNKNOWN
32436

Source: SECUNIA
Type: UNKNOWN
33237

Source: SECUNIA
Type: UNKNOWN
33238

Source: SECUNIA
Type: UNKNOWN
37386

Source: GENTOO
Type: UNKNOWN
GLSA-200911-02

Source: CCN
Type: SECTRACK ID: 1020457
Java Runtime Environment XML Processing Bug Lets Remote Users Access Resources

Source: CCN
Type: Sun Alert: 238628
Security Vulnerabilities in the Java Runtime Environment related to the processing of XML Data

Source: SUNALERT
Type: Patch
238628

Source: CCN
Type: Apple Web site
About the security content of Java for Mac OS X 10.4, Release 7

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3179

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2008-299.htm

Source: CCN
Type: ASA-2008-299
Security Vulnerabilities in the Java Runtime Environment related to the processing of XML Data (Sun 238628)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm

Source: CCN
Type: ASA-2008-428
java-1.6.0-ibm security update (RHSA-2008-0906)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm

Source: CCN
Type: ASA-2008-507
java-1.5.0-bea security update (RHSA-2008-1044)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm

Source: CCN
Type: ASA-2008-509
java-1.6.0-bea security update (RHSA-2008-1045)

Source: CCN
Type: NORTEL BULLETIN ID: 2008008988, Rev 1
Nortel Response to Sun Java JDK / JRE Multiple Vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=751014

Source: CCN
Type: NORTEL BULLETIN ID: 2008008988, Rev 2
Nortel Response to Sun Java JDK / JRE Multiple Vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=756717

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0594

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0906

Source: REDHAT
Type: UNKNOWN
RHSA-2008:1044

Source: REDHAT
Type: UNKNOWN
RHSA-2008:1045

Source: BUGTRAQ
Type: UNKNOWN
20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues

Source: BID
Type: UNKNOWN
30143

Source: CCN
Type: BID-30143
Sun Java Runtime Environment XML Data Processing Multiple Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1020457

Source: CERT
Type: US Government Resource
TA08-193A

Source: CCN
Type: VMSA-2008-0016
VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2008-0016.html

Source: VUPEN
Type: UNKNOWN
ADV-2008-2056

Source: VUPEN
Type: UNKNOWN
ADV-2008-2740

Source: XF
Type: UNKNOWN
sun-jre-jaxws-unauth-access(43654)

Source: XF
Type: UNKNOWN
sun-jre-xml-dos(43657)

Source: XF
Type: UNKNOWN
sun-jre-xml-dos(43657)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11274

Source: CCN
Type: IBM Security Bulletin 6551876 (Cloud Pak for Security)
Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

Source: SUSE
Type: SUSE-SA:2008:042
Sun Java security update

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sun:jdk:6:update_1:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:6:update_2:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:6:update_3:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:6:update_4:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:6:update_5:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:*:update_6:*:*:*:*:*:* (Version <= 6)
  • OR cpe:/a:sun:jre:6:update_1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:6:update_2:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:6:update_3:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:6:update_4:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:6:update_5:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:*:update_6:*:*:*:*:*:* (Version <= 6)

    • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:sun:jre:1.6.0:update6:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update6:*:*:*:*:*:*
  • AND
  • cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:novell_linux_pos:9:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:-:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.4:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:virtualcenter:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20083105
    V
    		CVE-2008-3105
    2015-11-16
    oval:org.mitre.oval:def:22389
    P
    		ELSA-2008:0594: java-1.6.0-sun security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:22274
    P
    		ELSA-2008:0906: java-1.6.0-ibm security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:11274
    V
    		Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application.
    2010-09-06
    oval:com.redhat.rhsa:def:20080906
    P
    		RHSA-2008:0906: java-1.6.0-ibm security update (Critical)
    2008-10-24
    oval:com.redhat.rhsa:def:20080594
    P
    		RHSA-2008:0594: java-1.6.0-sun security update (Critical)
    2008-07-14
    BACK
    sun jdk 6 update_1
    sun jdk 6 update_2
    sun jdk 6 update_3
    sun jdk 6 update_4
    sun jdk 6 update_5
    sun jdk * update_6
    sun jre 6 update_1
    sun jre 6 update_2
    sun jre 6 update_3
    sun jre 6 update_4
    sun jre 6 update_5
    sun jre * update_6
    sun jre 1.6.0 update6
    sun jdk 1.6.0 update6
    novell linux desktop 9
    redhat rhel extras 4
    vmware workstation 5.5.1
    suse novell linux pos 9
    vmware esx 3.0.1
    vmware workstation 6.0
    apple mac os x 10.5
    apple mac os x server 10.5
    apple mac os x 10.5.1
    apple mac os x server 10.5.1
    vmware esx 3.0.2
    apple mac os x 10.5.2
    vmware ace 2.0
    apple mac os x server 10.5.2
    novell open enterprise server -
    vmware ace 1.0
    vmware ace 1.0.3
    vmware server 1.0.3
    vmware workstation 5.5
    vmware workstation 5.5.3
    vmware workstation 5.5.4
    opensuse opensuse 10.2
    opensuse opensuse 10.3
    vmware ace 2.0.3
    vmware ace 2.0.1
    vmware ace 2.0.2
    vmware esx server 3.5
    vmware server 1.0
    vmware workstation 5.5.0
    vmware workstation 5.5.2
    vmware workstation 5.5.5
    vmware workstation 5.5.6
    vmware workstation 6.0.1
    vmware workstation 6.0.2
    vmware workstation 6.0.3
    vmware ace 1.0.1
    vmware ace 1.0.2
    vmware ace 1.0.4
    vmware ace 1.0.5
    vmware server 1.0.1
    vmware server 1.0.2
    vmware server 1.0.4
    vmware server 1.0.5
    opensuse opensuse 11.0
    novell suse linux enterprise server 10 sp2
    apple mac os x server 10.5.3
    apple mac os x 10.5.3
    vmware esx server 3.0.3
    vmware server 1.0.6
    vmware workstation 5.5.7
    vmware workstation 6.0.4
    vmware ace 1.0.6
    vmware ace 2.0.4
    vmware virtualcenter 2.5
    ibm cloud pak for security 1.7.2.0