Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.14809.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Redhat
  • Network Satellite
  • Rhel Extras
Sun
  • Jdk
  • Jre
  • Sdk

Configuration 1 [-]

OR cpe:2.3:a:sun:jdk:1.5.0:-:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:-:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:sun:jre:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:-:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:-:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:sun:sdk:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Extras for RHEL 3
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 cpe:/a:redhat:rhel_extras:3 RHSA-2008:0132 2008-02-14T00:00:00Z
Extras for RHEL 4
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 cpe:/a:redhat:rhel_extras:4 RHSA-2008:0132 2008-02-14T00:00:00Z
java-1.5.0-sun-0:1.5.0.15-1jpp.2.el4 cpe:/a:redhat:rhel_extras:4 RHSA-2008:0186 2008-03-06T00:00:00Z
java-1.5.0-ibm-1:1.5.0.7-1jpp.2.el4 cpe:/a:redhat:rhel_extras:4 RHSA-2008:0210 2008-04-03T00:00:00Z
Red Hat Network Satellite Server v 5.1
java-1.5.0-ibm-1:1.5.0.8-1jpp.1.el4 cpe:/a:redhat:network_satellite:5.1::el4 RHSA-2008:0638 2008-08-13T00:00:00Z
Supplementary for Red Hat Enterprise Linux 5
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2008:0132 2008-02-14T00:00:00Z
java-1.5.0-sun-0:1.5.0.15-1jpp.2.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2008:0186 2008-03-06T00:00:00Z
java-1.5.0-ibm-1:1.5.0.7-1jpp.2.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2008:0210 2008-04-03T00:00:00Z
java-1.6.0-ibm-1:1.6.0.1-1jpp.2.el5 cpe:/a:redhat:rhel_extras:5 RHSA-2008:0267 2008-05-19T00:00:00Z

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://dev2dev.bea.com/pub/advisory/277 cve-icon cve-icon
http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html cve-icon cve-icon
http://secunia.com/advisories/29239 cve-icon cve-icon
http://secunia.com/advisories/29273 cve-icon cve-icon
http://secunia.com/advisories/29498 cve-icon cve-icon
http://secunia.com/advisories/29582 cve-icon cve-icon
http://secunia.com/advisories/29841 cve-icon cve-icon
http://secunia.com/advisories/29858 cve-icon cve-icon
http://secunia.com/advisories/29897 cve-icon cve-icon
http://secunia.com/advisories/30676 cve-icon cve-icon
http://secunia.com/advisories/30780 cve-icon cve-icon
http://secunia.com/advisories/31497 cve-icon cve-icon
http://secunia.com/advisories/32018 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200804-28.xml cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233324-1 cve-icon cve-icon
http://support.apple.com/kb/HT3178 cve-icon cve-icon
http://support.apple.com/kb/HT3179 cve-icon cve-icon
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml cve-icon cve-icon
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2008-0186.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2008-0210.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2008-0267.html cve-icon cve-icon
http://www.securitytracker.com/id?1019550 cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA08-066A.html cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2008-0010.html cve-icon cve-icon
http://www.vupen.com/english/advisories/2008/0770/references cve-icon cve-icon
http://www.vupen.com/english/advisories/2008/1252 cve-icon cve-icon
http://www.vupen.com/english/advisories/2008/1856/references cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/41031 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2008-1192 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11813 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2008-1192 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-07T08:08:57.705Z

Reserved: 2008-03-06T00:00:00

Link: CVE-2008-1192

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2008-03-06T21:44:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-1192

cve-icon Redhat

Severity : Critical

Publid Date: 2008-03-06T00:00:00Z

Links: CVE-2008-1192 - Bugzilla

cve-icon OpenCVE Enrichment

No data.