Vulnerability Details : CVE-2008-3106
Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105.
Exploit prediction scoring system (EPSS) score for CVE-2008-3106
Probability of exploitation activity in the next 30 days: 1.03%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-3106
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2008-3106
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3106
- http://support.avaya.com/elmodocs2/security/ASA-2008-299.htm
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=751014
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html
- http://www.vmware.com/security/advisories/VMSA-2008-0016.html
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10866
- http://www.redhat.com/support/errata/RHSA-2008-0790.html
- http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm
- http://www.securitytracker.com/id?1020457
- http://www.redhat.com/support/errata/RHSA-2008-1044.html
- http://www.vupen.com/english/advisories/2008/2056/references
- http://www.redhat.com/support/errata/RHSA-2008-0594.html
-
http://support.apple.com/kb/HT3179
About the security content of Java for Mac OS X 10.5 Update 2 - Apple Support
- http://www.redhat.com/support/errata/RHSA-2008-1045.html
- http://www.securityfocus.com/bid/30143
- http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=756717
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
- http://marc.info/?l=bugtraq&m=122331139823057&w=2
- http://www.vupen.com/english/advisories/2008/2740
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/43658
-
http://www.us-cert.gov/cas/techalerts/TA08-193A.html
US Government Resource
- http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html
- http://www.redhat.com/support/errata/RHSA-2008-0906.html
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1
- http://www.securityfocus.com/archive/1/497041/100/0/threaded
Products affected by CVE-2008-3106
- cpe:2.3:a:sun:jdk:*:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:*:update_15:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:*:update_15:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:*:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*