Vulnerability CVE-2008-5357 - CERT Civis.Net

Vulnerability Name:

CVE-2008-5357 (CCN-47050)

Assigned:

2008-12-03

Published:

2008-12-03

Updated:

2019-10-09

Summary:

Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.5 High (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2008-5357

Source: CCN
Type: HP Security Bulletin HPSBUX02411 SSRT080111 rev.1
HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities

Source: CCN
Type: HP Security Bulletin HPSBMA02486 SSRT090049 rev.1
HP OpenView Network Node Manager (OV NNM) Java Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Execution of Arbitrary Code and Other Vulnerabilities

Source: IDEFENSE
Type: Patch, Vendor Advisory
20081204 Sun Java JRE TrueType Font Parsing Integer Overflow Vulnerability

Source: SUSE
Type: Mailing List, Third Party Advisory
SUSE-SA:2009:007

Source: SUSE
Type: Mailing List, Third Party Advisory
SUSE-SR:2009:006

Source: SUSE
Type: Mailing List, Third Party Advisory
SUSE-SA:2009:018

Source: SUSE
Type: Mailing List, Third Party Advisory
SUSE-SR:2009:010

Source: HP
Type: Mailing List, Third Party Advisory
SSRT080111

Source: HP
Type: Mailing List, Third Party Advisory
SSRT090049

Source: OSVDB
Type: Broken Link
50517

Source: CCN
Type: RHSA-2008-1018
Critical: java-1.6.0-sun security update

Source: REDHAT
Type: Third Party Advisory
RHSA-2008:1018

Source: CCN
Type: RHSA-2008-1025
Critical: java-1.5.0-sun security update

Source: REDHAT
Type: Third Party Advisory
RHSA-2008:1025

Source: CCN
Type: RHSA-2009-0016
Critical: java-1.5.0-ibm security update

Source: CCN
Type: RHSA-2009-0369
Critical: java-1.6.0-ibm security update

Source: CCN
Type: RHSA-2009-0466
Low: java-1.5.0-ibm security update

Source: CCN
Type: SA32991
Sun Java JDK / JRE Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
32991

Source: SECUNIA
Type: Third Party Advisory
33015

Source: CCN
Type: SA33187
Avaya CMS Sun Java JDK / JRE Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
33187

Source: SECUNIA
Type: Third Party Advisory
33710

Source: SECUNIA
Type: Third Party Advisory
34233

Source: SECUNIA
Type: Third Party Advisory
34259

Source: SECUNIA
Type: Third Party Advisory
34447

Source: SECUNIA
Type: Third Party Advisory
34605

Source: SECUNIA
Type: Third Party Advisory
34972

Source: SECUNIA
Type: Third Party Advisory
35065

Source: SECUNIA
Type: Third Party Advisory
37386

Source: CCN
Type: SA38539
HP OpenView Network Node Manager Java JDK / JRE Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
38539

Source: GENTOO
Type: Third Party Advisory
GLSA-200911-02

Source: SUNALERT
Type: Patch, Vendor Advisory
244987

Source: CCN
Type: Sun Alert ID: 244987
Java Runtime Environment (JRE) Buffer Overflow Vulnerabilities in Processing Image Files and Fonts May Allow Applets or Java Web Start Applications to Elevate Their Privileges

Source: CONFIRM
Type: Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-485.htm

Source: CCN
Type: ASA-2008-485
Java Runtime Environment (JRE) Buffer Overflow Vulnerabilities in Processing Image Files and Fonts May Allow Applets or Java Web Start Applications to Elevate Their Privileges

Source: CONFIRM
Type: Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm

Source: CCN
Type: ASA-2009-012
java-1.5.0-ibm security update (RHSA-2009-0016)

Source: CCN
Type: ASA-2009-084
HPSBUX02411 SSRT080111 rev.1 - HP-UX Running Java Remote Execution of Arbitrary Code and Other Vulnerabilities

Source: CCN
Type: ASA-2009-105
java-1.6.0-ibm security update (RHSA-2009-0369)

Source: CCN
Type: NORTEL BULLETIN ID: 2009009294, Rev 1
Nortel: Technical Support: Nortel Response to Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities

Source: CONFIRM
Type: Third Party Advisory
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

Source: CCN
Type: OSVDB ID: 50517
Sun Java JDK / JRE TrueType Font Processing Integer Overflow

Source: REDHAT
Type: Third Party Advisory
RHSA-2009:0016

Source: REDHAT
Type: Third Party Advisory
RHSA-2009:0369

Source: BID
Type: Third Party Advisory, VDB Entry
32608

Source: CCN
Type: BID-32608
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities

Source: CERT
Type: Third Party Advisory, US Government Resource
TA08-340A

Source: VUPEN
Type: Third Party Advisory
ADV-2008-3339

Source: VUPEN
Type: Third Party Advisory
ADV-2009-0672

Source: CONFIRM
Type: Third Party Advisory
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf

Source: XF
Type: Third Party Advisory, VDB Entry
jre-font-privilege-escalation(47050)

Source: XF
Type: UNKNOWN
jre-truetype-overflow(47050)

Source: CCN
Type: iDefense PUBLIC ADVISORY: 12.04.08
Sun Java JRE TrueType Font Parsing Integer Overflow Vulnerability

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:6505

Source: REDHAT
Type: Third Party Advisory
RHSA-2009:0466

Source: SUSE
Type: SUSE-SA:2009:001
Sun Java security problems

Source: SUSE
Type: SUSE-SA:2009:007
IBM Java 5 security problems

Source: SUSE
Type: SUSE-SA:2009:018
IBM Java security update

Source: SUSE
Type: SUSE-SR:2009:006
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2009:010
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:sun:jre:1.3.1:-:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_2:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_03:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_04:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_05:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_06:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_07:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_08:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_09:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_10:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_11:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_12:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_13:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_14:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_15:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_16:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_17:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_18:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_19:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_20:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_21:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_22:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_23:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:-:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_1:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_2:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_3:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_4:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_5:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_6:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_7:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_8:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_9:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_10:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_11:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_12:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_13:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_14:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_15:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_16:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_17:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_18:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update10:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update11:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update12:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update13:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update14:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update15:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update16:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_10:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_3:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_4:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_5:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_6:*:*:*:*:*:*

Configuration 2:

cpe:/a:sun:jdk:1.5.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update10:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update6:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update7:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update8:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update9:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*

Configuration 3:

cpe:/a:sun:sdk:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:sun:jre:1.3.1:-:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:-:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:-:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update10:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update11:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update7:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update8:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update9:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update10:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update11:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:-:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update12:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update6:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update7:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update8:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update9:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update1:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update15:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update16:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update18:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update19:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update1a:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update20:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update4:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update8:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update1:linux:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update2:linux:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update3:linux:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update4:linux:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update5:linux:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update12:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update13:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update6:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update6:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update15:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update15:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update17:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update6:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update14:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update14:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update16:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update12:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1:update17:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update13:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update16:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update16:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update7:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update8:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update9:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update10:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update7:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update8:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update9:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update10:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2:update18:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*

AND

cpe:/o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

OR cpe:/a:hp:openview_network_node_manager:7.51:*:*:*:*:*:*:*

OR cpe:/o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*

OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*

OR cpe:/a:hp:openview_network_node_manager:7.53:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20085357	V	CVE-2008-5357	2022-05-20
oval:org.opensuse.security:def:32181	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:32179	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:29409	P	Security update for fetchmail (Moderate)	2021-08-18
oval:org.opensuse.security:def:29407	P	Security update for libcares2 (Important)	2021-08-16
oval:org.opensuse.security:def:29373	P	Security update for polkit (Important)	2021-06-03
oval:org.opensuse.security:def:29371	P	Security update for qemu (Important)	2021-06-02
oval:org.opensuse.security:def:32272	P	Security update for python (Moderate)	2021-03-16
oval:org.opensuse.security:def:32274	P	Security update for glib2 (Important)	2021-03-16
oval:org.opensuse.security:def:31973	P	Security update for jakarta-taglibs-standard (Important)	2020-12-01
oval:org.opensuse.security:def:32679	P	gstreamer-0_10-plugins-good on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27950	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:28585	P	Security update for libvirt	2020-12-01
oval:org.opensuse.security:def:28382	P	Security update for rubygem-activerecord-3_2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32782	P	rsync on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32047	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:32718	P	libmysqlclient15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27961	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:28634	P	Security update for augeas	2020-12-01
oval:org.opensuse.security:def:27951	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:28534	P	Security update for Mono	2020-12-01
oval:org.opensuse.security:def:32329	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:33420	P	Security update for OpenEXR	2020-12-01
oval:org.opensuse.security:def:32740	P	libxslt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28025	P	Security update for bind (Critical)	2020-12-01
oval:org.opensuse.security:def:28673	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:27952	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:28587	P	Security update for libxslt	2020-12-01
oval:org.opensuse.security:def:32416	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:33459	P	Security update for IBM Java 1.4.2	2020-12-01
oval:org.opensuse.security:def:32784	P	ruby on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28155	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:28689	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:27963	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:28636	P	Security update for bash	2020-12-01
oval:org.opensuse.security:def:31959	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32572	P	libvorbis on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32331	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:33422	P	Security update for acl and libacl	2020-12-01
oval:org.opensuse.security:def:28239	P	Security update for libvorbis (Moderate)	2020-12-01
oval:org.opensuse.security:def:28733	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:28027	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:28675	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:31960	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32628	P	PolicyKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32418	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:33461	P	Security update for IBM Java 1.6.0	2020-12-01
oval:org.opensuse.security:def:28296	P	Security update for ncurses (Important)	2020-12-01
oval:org.opensuse.security:def:28157	P	Security update for the Linux Kernel (Critical)	2020-12-01
oval:org.opensuse.security:def:28691	P	Security update for freetype2	2020-12-01
oval:org.opensuse.security:def:31971	P	Security update for jakarta-commons-collections (Moderate)	2020-12-01
oval:org.opensuse.security:def:32677	P	gpg2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31961	P	Security update for guile (Low)	2020-12-01
oval:org.opensuse.security:def:32574	P	libxslt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28380	P	Security update for rubygem-actionpack-3_2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28241	P	Security update for libvorbis (Moderate)	2020-12-01
oval:org.opensuse.security:def:28735	P	Security update for kvm and libvirt	2020-12-01
oval:org.opensuse.security:def:32045	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32716	P	libltdl7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31962	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:32630	P	acpid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27949	P	Security update for GraphicsMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:28532	P	Security update for bind	2020-12-01
oval:org.opensuse.security:def:28298	P	Security update for net-snmp (Moderate)	2020-12-01
oval:org.opensuse.security:def:32738	P	libxcrypt on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:22521	P	ELSA-2008:1025: java-1.5.0-sun security update (Critical)	2014-05-26
oval:org.mitre.oval:def:22693	P	ELSA-2009:0369: java-1.6.0-ibm security update (Critical)	2014-05-26
oval:org.mitre.oval:def:22126	P	ELSA-2009:0016: java-1.5.0-ibm security update (Critical)	2014-05-26
oval:org.mitre.oval:def:22263	P	ELSA-2008:1018: java-1.6.0-sun security update (Critical)	2014-05-26
oval:org.mitre.oval:def:6505	V	Sun Java Runtime Environment TrueType font integer overflow	2010-01-11
oval:com.redhat.rhsa:def:20090369	P	RHSA-2009:0369: java-1.6.0-ibm security update (Critical)	2009-03-25
oval:com.redhat.rhsa:def:20090016	P	RHSA-2009:0016: java-1.5.0-ibm security update (Critical)	2009-01-13
oval:com.redhat.rhsa:def:20081018	P	RHSA-2008:1018: java-1.6.0-sun security update (Critical)	2008-12-04
oval:com.redhat.rhsa:def:20081025	P	RHSA-2008:1025: java-1.5.0-sun security update (Critical)	2008-12-04