what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2008-5353

Status Candidate

Overview

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".

Related Files

HP Security Bulletin HPSBMA02486 SSRT090049
Posted Feb 10, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with the Java Runtime Environment (JRE) and Java Developer Kit (JDK) delivered with HP OpenView Network Node Manager (OV NNM). These vulnerabilities may allow remote unauthorized access, privilege escalation, execution of arbitrary code, and creation of a Denial of Service (DoS) .

tags | advisory, java, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2008-2086, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5347, CVE-2008-5348, CVE-2008-5350, CVE-2008-5351, CVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359
SHA-256 | d609c2737ba3ee1e6d4dc412f6776d14c47fbc01f340bfebad40833c6310c6fa
Sun Java Calendar Deserialization
Posted Oct 27, 2009
Authored by H D Moore, sf | Site metasploit.com

This Metasploit module exploits a flaw in the deserialization of Calendar objects in the Sun JVM. The payload can be either a native payload which is generated as an executable and dropped/executed on the target or a shell from within the Java applet in the target browser. The effected Java versions are JDK and JRE 6 Update 10 and earlier, JDK and JRE 5.0 Update 16 and earlier, SDK and JRE 1.4.2_18 and earlier (SDK and JRE 1.3.1 are not affected).

tags | exploit, java, shell
advisories | CVE-2008-5353
SHA-256 | c3a3d070353114691fd1636dc19113fd8a51770f2e7febb5144445c81db0b5e4
OS X Java Hardening
Posted May 27, 2009
Authored by Marc Schoenefeld

Quick write up discussing how you can harden OS X to protect yourself from the recent Java vulnerability.

tags | paper, java
systems | apple, osx
advisories | CVE-2008-5353
SHA-256 | 36bfdf78c6bf5ae2dde784a8130e4b9a24a88e86824fa590483c0cd9490d32e0
Mac OS X Java Applet Proof Of Concept
Posted May 21, 2009
Authored by Landon Fuller | Site landonf.bikemonkey.org

Mac OS X suffers from a remote command execution vulnerability via a Java applet.

tags | advisory, java, remote
systems | apple, osx
advisories | CVE-2008-5353
SHA-256 | 4580f65cf3091c4fed50937033db47032e395802553bcaaa6d9bb2f59ef1002a
HP Security Bulletin HPSBUX02411 SSRT080111
Posted Mar 11, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities may allow remote unauthorized access, privilege escalation, execution of arbitrary code, and creation of a Denial of Service (DoS).

tags | advisory, java, remote, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2008-2086, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5347, CVE-2008-5348, CVE-2008-5350, CVE-2008-5351, CVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359
SHA-256 | b28318bad3009da063e0f7190123288b83dd2480b1134e61caefa149bf6cab47
Ubuntu Security Notice 713-1
Posted Jan 28, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-713-1 - Eleven vulnerabilities have been addressed in the openjdk-6 package on Ubuntu.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-5347, CVE-2008-5348, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360, CVE-2008-5349
SHA-256 | c5eef1cafb7cff5db2f51ef30df3599561ec0ba3321a4d874f5a488e23ce961c
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close