CVE-2008-5348

Description

Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors.

7.1

CVSS

Severity: High

CVSS 2.0 •

EPSS 10.76% Top 10%

Vendor Advisory sun.com Vendor Advisory marc.info Vendor Advisory opensuse.org Vendor Advisory redhat.com Vendor Advisory gentoo.org Vendor Advisory opensuse.org Vendor Advisory sun.com Vendor Advisory marc.info Vendor Advisory redhat.com Vendor Advisory opensuse.org Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory opensuse.org Vendor Advisory redhat.com

Affected: n/a n/a

References

Link	Tags
http://sunsolve.sun.com/search/document.do?assetkey=1-26-246346-1	patch vendor advisory
http://marc.info/?l=bugtraq&m=126583436323697&w=2	vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html	vendor advisory
http://secunia.com/advisories/34259	third party advisory
http://www.vupen.com/english/advisories/2009/0672	vdb entry
http://rhn.redhat.com/errata/RHSA-2008-1018.html	vendor advisory
http://secunia.com/advisories/33015	third party advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm
http://secunia.com/advisories/34889	third party advisory
http://secunia.com/advisories/34233	third party advisory
http://security.gentoo.org/glsa/glsa-200911-02.xml	vendor advisory
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html	vendor advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019797.1-1	vendor advisory
http://marc.info/?l=bugtraq&m=123678756409861&w=2	vendor advisory
http://secunia.com/advisories/38539	third party advisory
http://secunia.com/advisories/34972	third party advisory
https://rhn.redhat.com/errata/RHSA-2009-0466.html	vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html	vendor advisory
http://secunia.com/advisories/35065	third party advisory
http://secunia.com/advisories/33528	third party advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6549	vdb entry signature
http://rhn.redhat.com/errata/RHSA-2008-1025.html	vendor advisory
http://www.redhat.com/support/errata/RHSA-2009-0445.html	vendor advisory
http://www.redhat.com/support/errata/RHSA-2009-0016.html	vendor advisory
http://www.us-cert.gov/cas/techalerts/TA08-340A.html	third party advisory us government resource
http://secunia.com/advisories/33709	third party advisory
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=
http://secunia.com/advisories/34605	third party advisory
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html	vendor advisory
http://www.redhat.com/support/errata/RHSA-2009-0015.html	vendor advisory
http://secunia.com/advisories/32991	third party advisory
http://osvdb.org/50505	vdb entry
http://www.securityfocus.com/bid/32608	vdb entry
http://secunia.com/advisories/37386	third party advisory
http://secunia.com/advisories/33710	third party advisory

Frequently Asked Questions

What is the severity of CVE-2008-5348?: CVE-2008-5348 has been scored as a high severity vulnerability.
How to fix CVE-2008-5348?: To fix CVE-2008-5348, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2008-5348 being actively exploited in the wild?: It is possible that CVE-2008-5348 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~11% probability that this vulnerability will be exploited by malicious actors in the next 30 days.