Vulnerability Description
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Jdk | <= 6 |
| Sun | Jre | <= 6 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
- http://marc.info/?l=bugtraq&m=122331139823057&w=2
- http://secunia.com/advisories/31010Vendor Advisory
- http://secunia.com/advisories/31600
- http://secunia.com/advisories/32018
- http://secunia.com/advisories/32179
- http://secunia.com/advisories/32180
- http://secunia.com/advisories/32436
- http://secunia.com/advisories/33238
- http://secunia.com/advisories/37386
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1Patch
- http://support.apple.com/kb/HT3179
- http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm
FAQ
What is CVE-2008-3109?
CVE-2008-3109 is a vulnerability with a CVSS score of 7.5 (HIGH). Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrust...
How severe is CVE-2008-3109?
CVE-2008-3109 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3109?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Jdk, Sun Jre.