Launchpad.net

CVE 2008-2086

Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892.

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.vsecurity.c...
REDHAT: RHSA-2008:1018
SUNALERT: 244988
REDHAT: RHSA-2008:1025
SECUNIA: 32991
SECUNIA: 33015
SREASON: 4693
SUSE: SUSE-SA:2009:007
CERT: TA08-340A
SECTRACK: 1021318
SECUNIA: 33710
REDHAT: RHSA-2009:0015
BID: 32620
SECUNIA: 33528
APPLE: APPLE-SA-2009-02-12
VUPEN: ADV-2009-0424
CONFIRM: http://support.avaya.c...
CONFIRM: http://support.avaya.c...
CONFIRM: http://www116.nortel.c...
REDHAT: RHSA-2009:0016
SECUNIA: 34233
VUPEN: ADV-2009-0672
SUSE: SUSE-SA:2009:018
SECUNIA: 34605
REDHAT: RHSA-2009:0445
SECUNIA: 34889
SUSE: SUSE-SR:2009:010
SECUNIA: 35065
OSVDB: 50510
GENTOO: GLSA-200911-02
SECUNIA: 37386
SECUNIA: 38539
CONFIRM: http://support.nortel....
HP: HPSBUX02411
HP: SSRT080111
HP: HPSBMA02486
HP: SSRT090049
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20081204 CVE-2008-2086...

Launchpad.net

CVE 2008-2086

Related bugs

References