QwikSec

Security Database

CVE

CWE

Training

CVE-2008-5355

Published: Dec 5, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_SECTRACK

oval:org.mitre.oval:def:5664

vdb-entry

signature

x_refsource_OVAL

vendor-advisory

x_refsource_GENTOO

http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf

x_refsource_CONFIRM

vendor-advisory

x_refsource_SUNALERT

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_OSVDB

third-party-advisory

x_refsource_CERT

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.