Vulnerability Name:
CVE-2008-5349 (CCN-47064)
Assigned:
2008-12-03
Published:
2008-12-03
Updated:
2018-10-11
Summary:
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
Low
CVSS v2 Severity:
7.1 High
(CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)
5.3 Medium
(Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
Complete
4.3 Medium
(CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low
(CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
Partial
7.1 High
(REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)
5.3 Medium
(REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
Complete
Vulnerability Type:
CWE-noinfo
Vulnerability Consequences:
Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2008-5349
Source: HP
Type: UNKNOWN
SSRT090058
Source: CCN
Type: HP Security Bulletin HPSBMA02445 SSRT090058 rev.1
HP Serviceguard Manager, Remote Execution of Arbitrary Code, Denial of Service (DoS)
Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:006
Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:016
Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:017
Source: OSVDB
Type: UNKNOWN
50504
Source: CCN
Type: RHSA-2008-1018
Critical: java-1.6.0-sun security update
Source: REDHAT
Type: UNKNOWN
RHSA-2008:1018
Source: CCN
Type: RHSA-2008-1025
Critical: java-1.5.0-sun security update
Source: REDHAT
Type: UNKNOWN
RHSA-2008:1025
Source: CCN
Type: RHSA-2009-0016
Critical: java-1.5.0-ibm security update
Source: CCN
Type: RHSA-2009-0466
Low: java-1.5.0-ibm security update
Source: CCN
Type: RHSA-2009-1505
Moderate: java-1.4.2-ibm security update
Source: CCN
Type: RHSA-2009-1551
Moderate: java-1.4.2-ibm security update
Source: CCN
Type: SA32991
Sun Java JDK / JRE Multiple Vulnerabilities
Source: SECUNIA
Type: UNKNOWN
32991
Source: SECUNIA
Type: UNKNOWN
33015
Source: SECUNIA
Type: UNKNOWN
33709
Source: SECUNIA
Type: UNKNOWN
34259
Source: SECUNIA
Type: UNKNOWN
34972
Source: SECUNIA
Type: UNKNOWN
35255
Source: SECUNIA
Type: UNKNOWN
37386
Source: GENTOO
Type: UNKNOWN
GLSA-200911-02
Source: CCN
Type: SECTRACK ID: 1021309
Sun Java Runtime Environment RSA Public Key Processing Bug Lets Remote Users Deny Service
Source: SUNALERT
Type: Patch, Vendor Advisory
246286
Source: CCN
Type: Sun Alert ID: 246286
Security Vulnerability in the Java Runtime Environment With Processing RSA Public Keys
Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2008-491.htm
Source: CCN
Type: ASA-2008-491
Security Vulnerability in the Java Runtime Environment With Processing RSA Public Keys (Sun 246286)
Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm
Source: CCN
Type: ASA-2009-012
java-1.5.0-ibm security update (RHSA-2009-0016)
Source: CCN
Type: NORTEL BULLETIN ID: 2009009294, Rev 1
Nortel: Technical Support: Nortel Response to Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
Source: CONFIRM
Type: UNKNOWN
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=
Source: CCN
Type: OSVDB ID: 50504
Sun Java JDK / JRE RSA Public Key Processing Resource Consumption DoS
Source: REDHAT
Type: UNKNOWN
RHSA-2009:0016
Source: HP
Type: UNKNOWN
HPSBUX02429
Source: BID
Type: UNKNOWN
32608
Source: CCN
Type: BID-32608
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
Source: SECTRACK
Type: UNKNOWN
1021309
Source: CCN
Type: USN-713-1
openjdk-6 vulnerabilities
Source: CERT
Type: US Government Resource
TA08-340A
Source: VUPEN
Type: UNKNOWN
ADV-2008-3339
Source: VUPEN
Type: UNKNOWN
ADV-2009-1426
Source: CONFIRM
Type: UNKNOWN
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf
Source: XF
Type: UNKNOWN
jre-rsa-dos(47064)
Source: XF
Type: UNKNOWN
sun-jre-rsa-dos(47064)
Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5843
Source: REDHAT
Type: UNKNOWN
RHSA-2009:0466
Source: CCN
Type: IBM Security Bulletin 6551876 (Cloud Pak for Security)
Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
Source: SUSE
Type: SUSE-SA:2009:001
Sun Java security problems
Source: SUSE
Type: SUSE-SR:2009:006
SUSE Security Summary Report
Source: SUSE
Type: SUSE-SR:2009:016
SUSE Security Summary Report
Source: SUSE
Type: SUSE-SR:2009:017
SUSE Security Summary Report
Vulnerable Configuration:
Configuration 1:
cpe:/a:sun:jdk:5.0:update_1:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:5.0:update_10:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:5.0:update_11:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:5.0:update_12:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:5.0:update_13:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:5.0:update_14:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:5.0:update_15:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:*:update_16:*:*:*:*:*:*
(Version <= 5.0)
OR
cpe:/a:sun:jdk:5.0:update_2:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:5.0:update_3:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:6:*:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:6:update_1:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:*:update_10:*:*:*:*:*:*
(Version <= 6)
OR
cpe:/a:sun:jdk:6:update_2:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:6:update_3:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:6:update_4:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:6:update_5:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:6:update_6:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:6:update_7:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:6:update_8:*:*:*:*:*:*
OR
cpe:/a:sun:jre:5.0:*:*:*:*:*:*:*
OR
cpe:/a:sun:jre:5.0:update_1:*:*:*:*:*:*
OR
cpe:/a:sun:jre:5.0:update_10:*:*:*:*:*:*
OR
cpe:/a:sun:jre:5.0:update_11:*:*:*:*:*:*
OR
cpe:/a:sun:jre:5.0:update_12:*:*:*:*:*:*
OR
cpe:/a:sun:jre:5.0:update_13:*:*:*:*:*:*
OR
cpe:/a:sun:jre:5.0:update_14:*:*:*:*:*:*
OR
cpe:/a:sun:jre:5.0:update_15:*:*:*:*:*:*
OR
cpe:/a:sun:jre:*:update_16:*:*:*:*:*:*
(Version <= 5.0)
OR
cpe:/a:sun:jre:5.0:update_2:*:*:*:*:*:*
OR
cpe:/a:sun:jre:6:*:*:*:*:*:*:*
OR
cpe:/a:sun:jre:6:update_1:*:*:*:*:*:*
OR
cpe:/a:sun:jre:*:update_10:*:*:*:*:*:*
(Version <= 6)
OR
cpe:/a:sun:jre:6:update_2:*:*:*:*:*:*
OR
cpe:/a:sun:jre:6:update_3:*:*:*:*:*:*
OR
cpe:/a:sun:jre:6:update_4:*:*:*:*:*:*
OR
cpe:/a:sun:jre:6:update_5:*:*:*:*:*:*
OR
cpe:/a:sun:jre:6:update_6:*:*:*:*:*:*
OR
cpe:/a:sun:jre:6:update_7:*:*:*:*:*:*
OR
cpe:/a:sun:jre:6:update_8:*:*:*:*:*:*
Configuration RedHat 1:
cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*
Configuration RedHat 2:
cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
Configuration RedHat 3:
cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:sun:jre:1.5.0:-:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.6.0:-:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.6.0:-:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.5.0:update7:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.5.0:update8:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.5.0:update9:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.5.0:update10:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.5.0:update11:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.5.0:-:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.5.0:update12:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.5.0:update1:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.5.0:update12:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.5.0:update13:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.5.0:update2:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.5.0:update4:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.5.0:update5:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.5.0:update6:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.6.0:update6:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.5.0:update15:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.5.0:update15:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.6.0:update3:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.6.0:update4:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.6.0:update5:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.6.0:update6:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.6.0:update4:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.6.0:update5:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.5.0:update14:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.5.0:update14:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.5.0:update13:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.5.0:update16:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.5.0:update16:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.6.0:update7:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.6.0:update8:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.6.0:update9:*:*:*:*:*:*
OR
cpe:/a:sun:jre:1.6.0:update10:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.6.0:update7:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.6.0:update8:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.6.0:update9:*:*:*:*:*:*
OR
cpe:/a:sun:jdk:1.6.0:update10:*:*:*:*:*:*
AND
cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
OR
cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*
OR
cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
OR
cpe:/o:suse:novell_linux_pos:9:*:*:*:*:*:*:*
OR
cpe:/a:novell:open_enterprise_server:-:*:*:*:*:*:*:*
OR
cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
OR
cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
OR
cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
OR
cpe:/o:canonical:ubuntu:8.10:*:*:*:*:*:*:*
OR
cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*
Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20085349 | V | CVE-2008-5349 | 2022-05-20
oval:org.mitre.oval:def:13408 | P | USN-713-1 -- openjdk-6 vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:22263 | P | ELSA-2008:1018: java-1.6.0-sun security update (Critical) | 2014-05-26
oval:org.mitre.oval:def:22521 | P | ELSA-2008:1025: java-1.5.0-sun security update (Critical) | 2014-05-26
oval:org.mitre.oval:def:22921 | P | ELSA-2009:1505: java-1.4.2-ibm security update (Moderate) | 2014-05-26
oval:org.mitre.oval:def:22126 | P | ELSA-2009:0016: java-1.5.0-ibm security update (Critical) | 2014-05-26
oval:org.mitre.oval:def:5843 | V | Sun Java Runtime Environment RSA Public Key Processing Bug Lets Remote Users Deny Service | 2010-01-11
oval:com.redhat.rhsa:def:20091505 | P | RHSA-2009:1505: java-1.4.2-ibm security update (Moderate) | 2009-10-14
oval:com.redhat.rhsa:def:20090016 | P | RHSA-2009:0016: java-1.5.0-ibm security update (Critical) | 2009-01-13
oval:com.redhat.rhsa:def:20081018 | P | RHSA-2008:1018: java-1.6.0-sun security update (Critical) | 2008-12-04
oval:com.redhat.rhsa:def:20081025 | P | RHSA-2008:1025: java-1.5.0-sun security update (Critical) | 2008-12-04
sun
jdk 5.0 update_1
sun
jdk 5.0 update_10
sun
jdk 5.0 update_11
sun
jdk 5.0 update_12
sun
jdk 5.0 update_13
sun
jdk 5.0 update_14
sun
jdk 5.0 update_15
sun
jdk * update_16
sun
jdk 5.0 update_2
sun
jdk 5.0 update_3
sun
jdk 6
sun
jdk 6 update_1
sun
jdk * update_10
sun
jdk 6 update_2
sun
jdk 6 update_3
sun
jdk 6 update_4
sun
jdk 6 update_5
sun
jdk 6 update_6
sun
jdk 6 update_7
sun
jdk 6 update_8
sun
jre 5.0
sun
jre 5.0 update_1
sun
jre 5.0 update_10
sun
jre 5.0 update_11
sun
jre 5.0 update_12
sun
jre 5.0 update_13
sun
jre 5.0 update_14
sun
jre 5.0 update_15
sun
jre * update_16
sun
jre 5.0 update_2
sun
jre 6
sun
jre 6 update_1
sun
jre * update_10
sun
jre 6 update_2
sun
jre 6 update_3
sun
jre 6 update_4
sun
jre 6 update_5
sun
jre 6 update_6
sun
jre 6 update_7
sun
jre 6 update_8
sun
jre 1.5.0
sun
jre 1.5.0 update3
sun
jre 1.6.0
sun
jdk 1.6.0
sun
jdk 1.5.0 update10
sun
jdk 1.5.0 update11
sun
jre 1.5.0 update7
sun
jre 1.5.0 update8
sun
jre 1.5.0 update9
sun
jre 1.5.0 update10
sun
jre 1.5.0 update11
sun
jdk 1.5.0
sun
jdk 1.5.0 update1
sun
jdk 1.5.0 update11_b03
sun
jdk 1.5.0 update12
sun
jdk 1.5.0 update2
sun
jdk 1.5.0 update3
sun
jdk 1.5.0 update4
sun
jdk 1.5.0 update5
sun
jdk 1.5.0 update6
sun
jdk 1.5.0 update7
sun
jdk 1.5.0 update7_b03
sun
jdk 1.5.0 update8
sun
jdk 1.5.0 update9
sun
jdk 1.6.0 update2
sun
jdk 1.6.0 update1
sun
jdk 1.6.0 update1_b06
sun
jdk 1.6.0 update2
sun
jre 1.5.0 update1
sun
jre 1.5.0 update12
sun
jre 1.5.0 update13
sun
jre 1.5.0 update2
sun
jre 1.5.0 update4
sun
jre 1.5.0 update5
sun
jre 1.5.0 update6
sun
jre 1.6.0 update_1
sun
jre 1.6.0 update_2
sun
jre 1.6.0 update_3
sun
jre 1.6.0 update6
sun
jre 1.5.0 update15
sun
jdk 1.5.0 update15
sun
jdk 1.6.0 update3
sun
jdk 1.6.0 update4
sun
jdk 1.6.0 update5
sun
jdk 1.6.0 update6
sun
jre 1.6.0 update4
sun
jre 1.6.0 update5
sun
jdk 1.5.0 update14
sun
jre 1.5.0 update14
sun
jdk 1.5.0 update13
sun
jdk 1.5.0 update16
sun
jre 1.5.0 update16
sun
jre 1.6.0 update7
sun
jre 1.6.0 update8
sun
jre 1.6.0 update9
sun
jre 1.6.0 update10
sun
jdk 1.6.0 update7
sun
jdk 1.6.0 update8
sun
jdk 1.6.0 update9
sun
jdk 1.6.0 update10
novell
linux desktop 9
redhat
rhel extras 3
redhat
rhel extras 4
suse
novell linux pos 9
novell
open enterprise server -
opensuse
opensuse 10.3
opensuse
opensuse 11.0
novell
suse linux enterprise server 10 sp2
canonical
ubuntu 8.10
ibm
cloud pak for security 1.7.2.0