Vulnerability Name:

CVE-2008-3106 (CCN-43658)

Assigned: 2008-07-08
Published: 2008-07-08
Updated: 2018-10-11
Summary: Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2008-3106

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-09-24

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:042

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:043

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:045

Source: BUGTRAQ
Type: UNKNOWN
20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and

Source: CCN
Type: RHSA-2008-0594
Critical: java-1.6.0-sun security update

Source: CCN
Type: RHSA-2008-0638
Low: Red Hat Network Satellite Server IBM Java Runtime security update

Source: CCN
Type: RHSA-2008-0790
Critical: java-1.5.0-ibm security update

Source: CCN
Type: RHSA-2008-0906
Critical: java-1.6.0-ibm security update

Source: CCN
Type: RHSA-2008-1044
Important: java-1.5.0-bea security update

Source: CCN
Type: RHSA-2008-1045
Important: java-1.6.0-bea security update

Source: CCN
Type: SA31010
Sun Java JDK / JRE Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
31010

Source: SECUNIA
Type: UNKNOWN
31320

Source: SECUNIA
Type: UNKNOWN
31497

Source: SECUNIA
Type: UNKNOWN
31600

Source: SECUNIA
Type: UNKNOWN
31736

Source: CCN
Type: SA32018
Mac OS X Java Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
32018

Source: CCN
Type: SA32179
VMware VirtualCenter Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
32179

Source: CCN
Type: SA32180
VMware ESX Server Sun Java JDK / JRE Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
32180

Source: SECUNIA
Type: UNKNOWN
32436

Source: SECUNIA
Type: UNKNOWN
33237

Source: SECUNIA
Type: UNKNOWN
33238

Source: SECUNIA
Type: UNKNOWN
37386

Source: GENTOO
Type: UNKNOWN
GLSA-200911-02

Source: CCN
Type: SECTRACK ID: 1020457
Java Runtime Environment XML Processing Bug Lets Remote Users Access Resources

Source: CCN
Type: Sun Alert: 238628
Security Vulnerabilities in the Java Runtime Environment related to the processing of XML Data

Source: SUNALERT
Type: UNKNOWN
238628

Source: CCN
Type: Apple Web site
About the security content of Java for Mac OS X 10.4, Release 7

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3179

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2008-299.htm

Source: CCN
Type: ASA-2008-299
Security Vulnerabilities in the Java Runtime Environment related to the processing of XML Data (Sun 238628)

Source: CCN
Type: ASA-2008-330
java-1.5.0-ibm security update (RHSA-2008-0790)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm

Source: CCN
Type: ASA-2008-428
java-1.6.0-ibm security update (RHSA-2008-0906)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm

Source: CCN
Type: ASA-2008-507
java-1.5.0-bea security update (RHSA-2008-1044)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm

Source: CCN
Type: ASA-2008-509
java-1.6.0-bea security update (RHSA-2008-1045)

Source: CCN
Type: NORTEL BULLETIN ID: 2008008988, Rev 1
Nortel Response to Sun Java JDK / JRE Multiple Vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=751014

Source: CCN
Type: NORTEL BULLETIN ID: 2008008988, Rev 2
Nortel Response to Sun Java JDK / JRE Multiple Vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=756717

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0594

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0790

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0906

Source: REDHAT
Type: UNKNOWN
RHSA-2008:1044

Source: REDHAT
Type: UNKNOWN
RHSA-2008:1045

Source: BUGTRAQ
Type: UNKNOWN
20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues

Source: BID
Type: UNKNOWN
30143

Source: CCN
Type: BID-30143
Sun Java Runtime Environment XML Data Processing Multiple Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1020457

Source: CERT
Type: US Government Resource
TA08-193A

Source: CCN
Type: VMSA-2008-0016
VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2008-0016.html

Source: VUPEN
Type: UNKNOWN
ADV-2008-2056

Source: VUPEN
Type: UNKNOWN
ADV-2008-2740

Source: XF
Type: UNKNOWN
sun-jre-xml-unauth-access(43658)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10866

Source: CCN
Type: IBM Security Bulletin 6551876 (Cloud Pak for Security)
Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

Source: SUSE
Type: SUSE-SA:2008:042
Sun Java security update

Source: SUSE
Type: SUSE-SA:2008:045
IBM Java Security update

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:sun:jdk:5.0:update_1:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:5.0:update_10:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:5.0:update_11:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:5.0:update_12:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:5.0:update_13:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:5.0:update_14:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:*:update_15:*:*:*:*:*:* (Version <= 5.0)
  • OR cpe:/a:sun:jdk:5.0:update_2:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:5.0:update_3:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:5.0:update_4:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:5.0:update_5:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:5.0:update_6:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:5.0:update_7:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:5.0:update_8:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:5.0:update_9:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:6:update_1:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:6:update_2:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:6:update_3:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:6:update_4:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:6:update_5:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:*:update_6:*:*:*:*:*:* (Version <= 6)
  • OR cpe:/a:sun:jre:5.0:update_1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:5.0:update_10:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:5.0:update_11:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:5.0:update_12:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:5.0:update_13:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:5.0:update_14:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:*:update_15:*:*:*:*:*:* (Version <= 5.0)
  • OR cpe:/a:sun:jre:5.0:update_2:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:5.0:update_3:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:5.0:update_4:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:5.0:update_5:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:5.0:update_6:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:5.0:update_7:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:5.0:update_8:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:5.0:update_9:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:6:update_1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:6:update_2:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:6:update_3:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:6:update_4:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:6:update_5:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:*:update_6:*:*:*:*:*:* (Version <= 6)

  • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:sun:jre:1.6.0:update6:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update15:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update15:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update6:*:*:*:*:*:*
  • AND
  • cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:novell_linux_pos:9:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:-:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.4:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:esx_server:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:server:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:ace:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:virtualcenter:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20083106 | V | CVE-2008-3106 | 2017-09-27
oval:org.mitre.oval:def:22274 | P | ELSA-2008:0906: java-1.6.0-ibm security update (Critical) | 2014-05-26
oval:org.mitre.oval:def:22389 | P | ELSA-2008:0594: java-1.6.0-sun security update (Critical) | 2014-05-26
oval:org.mitre.oval:def:22662 | P | ELSA-2008:0790: java-1.5.0-ibm security update (Critical) | 2014-05-26
oval:org.mitre.oval:def:10866 | V | Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. | 2010-09-06
oval:com.redhat.rhsa:def:20080906 | P | RHSA-2008:0906: java-1.6.0-ibm security update (Critical) | 2008-10-24
oval:com.redhat.rhsa:def:20080790 | P | RHSA-2008:0790: java-1.5.0-ibm security update (Critical) | 2008-07-31
oval:com.redhat.rhsa:def:20080594 | P | RHSA-2008:0594: java-1.6.0-sun security update (Critical) | 2008-07-14