NVD脆弱性詳細

CVE-2008-5360

概要	Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors.
公表日	2008年12月5日20:30
登録日	2021年1月29日13:46
最終更新日	2019年10月10日7:56

CVSS2.0 : MEDIUM
スコア	6.4
ベクター	AV:N/AC:L/Au:N/C:P/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	なし
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:sun:jdk:1.5.0:-::::::
cpe:2.3:a:sun:jdk:1.5.0:update1::::::
cpe:2.3:a:sun:jdk:1.5.0:update10::::::
cpe:2.3:a:sun:jdk:1.5.0:update11::::::
cpe:2.3:a:sun:jdk:1.5.0:update11_b03::::::
cpe:2.3:a:sun:jdk:1.5.0:update12::::::
cpe:2.3:a:sun:jdk:1.5.0:update13::::::
cpe:2.3:a:sun:jdk:1.5.0:update14::::::
cpe:2.3:a:sun:jdk:1.5.0:update15::::::
cpe:2.3:a:sun:jdk:1.5.0:update16::::::
cpe:2.3:a:sun:jdk:1.5.0:update2::::::
cpe:2.3:a:sun:jdk:1.6.0:-::::::
cpe:2.3:a:sun:jdk:1.6.0:update_10::::::
cpe:2.3:a:sun:jdk:1.6.0:update_3::::::
cpe:2.3:a:sun:jdk:1.6.0:update_4::::::
cpe:2.3:a:sun:jdk:1.6.0:update_5::::::
cpe:2.3:a:sun:jdk:1.6.0:update_6::::::
cpe:2.3:a:sun:jdk:1.6.0:update_7::::::

構成2	以上	以下	より上	未満
cpe:2.3:a:sun:jre:1.3.1:::::::*
cpe:2.3:a:sun:jre:1.3.1_2:::::::*
cpe:2.3:a:sun:jre:1.3.1_03:::::::*
cpe:2.3:a:sun:jre:1.3.1_04:::::::*
cpe:2.3:a:sun:jre:1.3.1_05:::::::*
cpe:2.3:a:sun:jre:1.3.1_06:::::::*
cpe:2.3:a:sun:jre:1.3.1_07:::::::*
cpe:2.3:a:sun:jre:1.3.1_08:::::::*
cpe:2.3:a:sun:jre:1.3.1_09:::::::*
cpe:2.3:a:sun:jre:1.3.1_10:::::::*
cpe:2.3:a:sun:jre:1.3.1_11:::::::*
cpe:2.3:a:sun:jre:1.3.1_12:::::::*
cpe:2.3:a:sun:jre:1.3.1_13:::::::*
cpe:2.3:a:sun:jre:1.3.1_14:::::::*
cpe:2.3:a:sun:jre:1.3.1_15:::::::*
cpe:2.3:a:sun:jre:1.3.1_16:::::::*
cpe:2.3:a:sun:jre:1.3.1_17:::::::*
cpe:2.3:a:sun:jre:1.3.1_18:::::::*
cpe:2.3:a:sun:jre:1.3.1_19:::::::*
cpe:2.3:a:sun:jre:1.3.1_20:::::::*
cpe:2.3:a:sun:jre:1.3.1_21:::::::*
cpe:2.3:a:sun:jre:1.3.1_22:::::::*
cpe:2.3:a:sun:jre:1.3.1_23:::::::*
cpe:2.3:a:sun:jre:1.4.2:::::::*
cpe:2.3:a:sun:jre:1.4.2_1:::::::*
cpe:2.3:a:sun:jre:1.4.2_2:::::::*
cpe:2.3:a:sun:jre:1.4.2_3:::::::*
cpe:2.3:a:sun:jre:1.4.2_4:::::::*
cpe:2.3:a:sun:jre:1.4.2_5:::::::*
cpe:2.3:a:sun:jre:1.4.2_6:::::::*
cpe:2.3:a:sun:jre:1.4.2_7:::::::*
cpe:2.3:a:sun:jre:1.4.2_8:::::::*
cpe:2.3:a:sun:jre:1.4.2_9:::::::*
cpe:2.3:a:sun:jre:1.4.2_10:::::::*
cpe:2.3:a:sun:jre:1.4.2_11:::::::*
cpe:2.3:a:sun:jre:1.4.2_12:::::::*
cpe:2.3:a:sun:jre:1.4.2_13:::::::*
cpe:2.3:a:sun:jre:1.4.2_14:::::::*
cpe:2.3:a:sun:jre:1.4.2_15:::::::*
cpe:2.3:a:sun:jre:1.4.2_16:::::::*
cpe:2.3:a:sun:jre:1.4.2_17:::::::*
cpe:2.3:a:sun:jre:1.4.2_18:::::::*
cpe:2.3:a:sun:jre:1.5.0:::::::*
cpe:2.3:a:sun:jre:1.5.0:update1::::::
cpe:2.3:a:sun:jre:1.5.0:update10::::::
cpe:2.3:a:sun:jre:1.5.0:update11::::::
cpe:2.3:a:sun:jre:1.5.0:update12::::::
cpe:2.3:a:sun:jre:1.5.0:update13::::::
cpe:2.3:a:sun:jre:1.5.0:update14::::::
cpe:2.3:a:sun:jre:1.5.0:update15::::::
cpe:2.3:a:sun:jre:1.5.0:update16::::::
cpe:2.3:a:sun:jre:1.5.0:update2::::::
cpe:2.3:a:sun:jre:1.6.0:::::::*
cpe:2.3:a:sun:jre:1.6.0:update_1::::::
cpe:2.3:a:sun:jre:1.6.0:update_10::::::
cpe:2.3:a:sun:jre:1.6.0:update_2::::::
cpe:2.3:a:sun:jre:1.6.0:update_3::::::
cpe:2.3:a:sun:jre:1.6.0:update_4::::::
cpe:2.3:a:sun:jre:1.6.0:update_5::::::
cpe:2.3:a:sun:jre:1.6.0:update_6::::::

構成3	以上	以下	より上	未満
cpe:2.3:a:sun:sdk:1.3.1:::::::*
cpe:2.3:a:sun:sdk:1.3.1_01:::::::*
cpe:2.3:a:sun:sdk:1.3.1_01a:::::::*
cpe:2.3:a:sun:sdk:1.3.1_02:::::::*
cpe:2.3:a:sun:sdk:1.3.1_03:::::::*
cpe:2.3:a:sun:sdk:1.3.1_04:::::::*
cpe:2.3:a:sun:sdk:1.3.1_05:::::::*
cpe:2.3:a:sun:sdk:1.3.1_06:::::::*
cpe:2.3:a:sun:sdk:1.3.1_07:::::::*
cpe:2.3:a:sun:sdk:1.3.1_08:::::::*
cpe:2.3:a:sun:sdk:1.3.1_09:::::::*
cpe:2.3:a:sun:sdk:1.3.1_10:::::::*
cpe:2.3:a:sun:sdk:1.3.1_11:::::::*
cpe:2.3:a:sun:sdk:1.3.1_12:::::::*
cpe:2.3:a:sun:sdk:1.3.1_13:::::::*
cpe:2.3:a:sun:sdk:1.3.1_14:::::::*
cpe:2.3:a:sun:sdk:1.3.1_15:::::::*
cpe:2.3:a:sun:sdk:1.3.1_16:::::::*
cpe:2.3:a:sun:sdk:1.3.1_17:::::::*
cpe:2.3:a:sun:sdk:1.3.1_18:::::::*
cpe:2.3:a:sun:sdk:1.3.1_19:::::::*
cpe:2.3:a:sun:sdk:1.3.1_20:::::::*
cpe:2.3:a:sun:sdk:1.3.1_21:::::::*
cpe:2.3:a:sun:sdk:1.3.1_22:::::::*
cpe:2.3:a:sun:sdk:1.3.1_23:::::::*
cpe:2.3:a:sun:sdk:1.4.2:::::::*
cpe:2.3:a:sun:sdk:1.4.2_1:::::::*
cpe:2.3:a:sun:sdk:1.4.2_02:::::::*
cpe:2.3:a:sun:sdk:1.4.2_2:::::::*
cpe:2.3:a:sun:sdk:1.4.2_03:::::::*
cpe:2.3:a:sun:sdk:1.4.2_3:::::::*
cpe:2.3:a:sun:sdk:1.4.2_04:::::::*
cpe:2.3:a:sun:sdk:1.4.2_4:::::::*
cpe:2.3:a:sun:sdk:1.4.2_5:::::::*
cpe:2.3:a:sun:sdk:1.4.2_6:::::::*
cpe:2.3:a:sun:sdk:1.4.2_7:::::::*
cpe:2.3:a:sun:sdk:1.4.2_08:::::::*
cpe:2.3:a:sun:sdk:1.4.2_8:::::::*
cpe:2.3:a:sun:sdk:1.4.2_09:::::::*
cpe:2.3:a:sun:sdk:1.4.2_9:::::::*
cpe:2.3:a:sun:sdk:1.4.2_10:::::::*
cpe:2.3:a:sun:sdk:1.4.2_11:::::::*
cpe:2.3:a:sun:sdk:1.4.2_12:::::::*
cpe:2.3:a:sun:sdk:1.4.2_13:::::::*
cpe:2.3:a:sun:sdk:1.4.2_14:::::::*
cpe:2.3:a:sun:sdk:1.4.2_15:::::::*
cpe:2.3:a:sun:sdk:1.4.2_16:::::::*
cpe:2.3:a:sun:sdk:1.4.2_17:::::::*
cpe:2.3:a:sun:sdk:1.4.2_18:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html	SUSE	Mailing List Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html	SUSE	Mailing List Third Party Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html	SUSE	Mailing List Third Party Advisory
4	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html	SUSE	Mailing List Third Party Advisory
5	http://marc.info/?l=bugtraq&m=123678756409861&w=2	HP	Mailing List Third Party Advisory
6	http://marc.info/?l=bugtraq&m=126583436323697&w=2	HP	Mailing List Third Party Advisory
7	http://rhn.redhat.com/errata/RHSA-2008-1018.html	REDHAT	Third Party Advisory
8	http://rhn.redhat.com/errata/RHSA-2008-1025.html	REDHAT	Third Party Advisory
9	http://secunia.com/advisories/32991	SECUNIA	Third Party Advisory
10	http://secunia.com/advisories/33015	SECUNIA	Third Party Advisory
11	http://secunia.com/advisories/33187	SECUNIA	Third Party Advisory
12	http://secunia.com/advisories/33528	SECUNIA	Third Party Advisory
13	http://secunia.com/advisories/33709	SECUNIA	Third Party Advisory
14	http://secunia.com/advisories/33710	SECUNIA	Third Party Advisory
15	http://secunia.com/advisories/34233	SECUNIA	Third Party Advisory
16	http://secunia.com/advisories/34259	SECUNIA	Third Party Advisory
17	http://secunia.com/advisories/34605	SECUNIA	Third Party Advisory
18	http://secunia.com/advisories/34889	SECUNIA	Third Party Advisory
19	http://secunia.com/advisories/34972	SECUNIA	Third Party Advisory
20	http://secunia.com/advisories/35065	SECUNIA	Third Party Advisory
21	http://secunia.com/advisories/37386	SECUNIA	Third Party Advisory
22	http://secunia.com/advisories/38539	SECUNIA	Third Party Advisory
23	http://security.gentoo.org/glsa/glsa-200911-02.xml	GENTOO	Third Party Advisory
24	http://sunsolve.sun.com/search/document.do?assetkey=1-26-244986-1	SUNALERT	Patch Vendor Advisory
25	http://support.avaya.com/elmodocs2/security/ASA-2008-484.htm	CONFIRM	Third Party Advisory
26	http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm	CONFIRM	Third Party Advisory
27	http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=	CONFIRM	Third Party Advisory
28	http://www.redhat.com/support/errata/RHSA-2009-0015.html	REDHAT	Third Party Advisory
29	http://www.redhat.com/support/errata/RHSA-2009-0016.html	REDHAT	Third Party Advisory
30	http://www.redhat.com/support/errata/RHSA-2009-0445.html	REDHAT	Third Party Advisory
31	http://www.securityfocus.com/bid/32608	BID	Third Party Advisory VDB Entry
32	http://www.securitytracker.com/id?1021316	SECTRACK	Third Party Advisory VDB Entry
33	http://www.us-cert.gov/cas/techalerts/TA08-340A.html	CERT	Third Party Advisory US Government Resource
34	http://www.vupen.com/english/advisories/2008/3339	VUPEN	Third Party Advisory
35	http://www.vupen.com/english/advisories/2009/0672	VUPEN	Third Party Advisory
36	http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf	CONFIRM	Third Party Advisory
37	https://exchange.xforce.ibmcloud.com/vulnerabilities/47045	XF	Mailing List Third Party Advisory VDB Entry
38	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6596	OVAL	Third Party Advisory
39	https://rhn.redhat.com/errata/RHSA-2009-0466.html	REDHAT	Third Party Advisory

共通脆弱性一覧

構成1	以上	以下	より上	未満
cpe:2.3:a:sun:jdk:1.5.0:-::::::
cpe:2.3:a:sun:jdk:1.5.0:update1::::::
cpe:2.3:a:sun:jdk:1.5.0:update10::::::
cpe:2.3:a:sun:jdk:1.5.0:update11::::::
cpe:2.3:a:sun:jdk:1.5.0:update11_b03::::::
cpe:2.3:a:sun:jdk:1.5.0:update12::::::
cpe:2.3:a:sun:jdk:1.5.0:update13::::::
cpe:2.3:a:sun:jdk:1.5.0:update14::::::
cpe:2.3:a:sun:jdk:1.5.0:update15::::::
cpe:2.3:a:sun:jdk:1.5.0:update16::::::
cpe:2.3:a:sun:jdk:1.5.0:update2::::::
cpe:2.3:a:sun:jdk:1.6.0:-::::::
cpe:2.3:a:sun:jdk:1.6.0:update_10::::::
cpe:2.3:a:sun:jdk:1.6.0:update_3::::::
cpe:2.3:a:sun:jdk:1.6.0:update_4::::::
cpe:2.3:a:sun:jdk:1.6.0:update_5::::::
cpe:2.3:a:sun:jdk:1.6.0:update_6::::::
cpe:2.3:a:sun:jdk:1.6.0:update_7::::::

構成2	以上	以下	より上	未満
cpe:2.3:a:sun:jre:1.3.1:::::::*
cpe:2.3:a:sun:jre:1.3.1_2:::::::*
cpe:2.3:a:sun:jre:1.3.1_03:::::::*
cpe:2.3:a:sun:jre:1.3.1_04:::::::*
cpe:2.3:a:sun:jre:1.3.1_05:::::::*
cpe:2.3:a:sun:jre:1.3.1_06:::::::*
cpe:2.3:a:sun:jre:1.3.1_07:::::::*
cpe:2.3:a:sun:jre:1.3.1_08:::::::*
cpe:2.3:a:sun:jre:1.3.1_09:::::::*
cpe:2.3:a:sun:jre:1.3.1_10:::::::*
cpe:2.3:a:sun:jre:1.3.1_11:::::::*
cpe:2.3:a:sun:jre:1.3.1_12:::::::*
cpe:2.3:a:sun:jre:1.3.1_13:::::::*
cpe:2.3:a:sun:jre:1.3.1_14:::::::*
cpe:2.3:a:sun:jre:1.3.1_15:::::::*
cpe:2.3:a:sun:jre:1.3.1_16:::::::*
cpe:2.3:a:sun:jre:1.3.1_17:::::::*
cpe:2.3:a:sun:jre:1.3.1_18:::::::*
cpe:2.3:a:sun:jre:1.3.1_19:::::::*
cpe:2.3:a:sun:jre:1.3.1_20:::::::*
cpe:2.3:a:sun:jre:1.3.1_21:::::::*
cpe:2.3:a:sun:jre:1.3.1_22:::::::*
cpe:2.3:a:sun:jre:1.3.1_23:::::::*
cpe:2.3:a:sun:jre:1.4.2:::::::*
cpe:2.3:a:sun:jre:1.4.2_1:::::::*
cpe:2.3:a:sun:jre:1.4.2_2:::::::*
cpe:2.3:a:sun:jre:1.4.2_3:::::::*
cpe:2.3:a:sun:jre:1.4.2_4:::::::*
cpe:2.3:a:sun:jre:1.4.2_5:::::::*
cpe:2.3:a:sun:jre:1.4.2_6:::::::*
cpe:2.3:a:sun:jre:1.4.2_7:::::::*
cpe:2.3:a:sun:jre:1.4.2_8:::::::*
cpe:2.3:a:sun:jre:1.4.2_9:::::::*
cpe:2.3:a:sun:jre:1.4.2_10:::::::*
cpe:2.3:a:sun:jre:1.4.2_11:::::::*
cpe:2.3:a:sun:jre:1.4.2_12:::::::*
cpe:2.3:a:sun:jre:1.4.2_13:::::::*
cpe:2.3:a:sun:jre:1.4.2_14:::::::*
cpe:2.3:a:sun:jre:1.4.2_15:::::::*
cpe:2.3:a:sun:jre:1.4.2_16:::::::*
cpe:2.3:a:sun:jre:1.4.2_17:::::::*
cpe:2.3:a:sun:jre:1.4.2_18:::::::*
cpe:2.3:a:sun:jre:1.5.0:::::::*
cpe:2.3:a:sun:jre:1.5.0:update1::::::
cpe:2.3:a:sun:jre:1.5.0:update10::::::
cpe:2.3:a:sun:jre:1.5.0:update11::::::
cpe:2.3:a:sun:jre:1.5.0:update12::::::
cpe:2.3:a:sun:jre:1.5.0:update13::::::
cpe:2.3:a:sun:jre:1.5.0:update14::::::
cpe:2.3:a:sun:jre:1.5.0:update15::::::
cpe:2.3:a:sun:jre:1.5.0:update16::::::
cpe:2.3:a:sun:jre:1.5.0:update2::::::
cpe:2.3:a:sun:jre:1.6.0:::::::*
cpe:2.3:a:sun:jre:1.6.0:update_1::::::
cpe:2.3:a:sun:jre:1.6.0:update_10::::::
cpe:2.3:a:sun:jre:1.6.0:update_2::::::
cpe:2.3:a:sun:jre:1.6.0:update_3::::::
cpe:2.3:a:sun:jre:1.6.0:update_4::::::
cpe:2.3:a:sun:jre:1.6.0:update_5::::::
cpe:2.3:a:sun:jre:1.6.0:update_6::::::

構成3	以上	以下	より上	未満
cpe:2.3:a:sun:sdk:1.3.1:::::::*
cpe:2.3:a:sun:sdk:1.3.1_01:::::::*
cpe:2.3:a:sun:sdk:1.3.1_01a:::::::*
cpe:2.3:a:sun:sdk:1.3.1_02:::::::*
cpe:2.3:a:sun:sdk:1.3.1_03:::::::*
cpe:2.3:a:sun:sdk:1.3.1_04:::::::*
cpe:2.3:a:sun:sdk:1.3.1_05:::::::*
cpe:2.3:a:sun:sdk:1.3.1_06:::::::*
cpe:2.3:a:sun:sdk:1.3.1_07:::::::*
cpe:2.3:a:sun:sdk:1.3.1_08:::::::*
cpe:2.3:a:sun:sdk:1.3.1_09:::::::*
cpe:2.3:a:sun:sdk:1.3.1_10:::::::*
cpe:2.3:a:sun:sdk:1.3.1_11:::::::*
cpe:2.3:a:sun:sdk:1.3.1_12:::::::*
cpe:2.3:a:sun:sdk:1.3.1_13:::::::*
cpe:2.3:a:sun:sdk:1.3.1_14:::::::*
cpe:2.3:a:sun:sdk:1.3.1_15:::::::*
cpe:2.3:a:sun:sdk:1.3.1_16:::::::*
cpe:2.3:a:sun:sdk:1.3.1_17:::::::*
cpe:2.3:a:sun:sdk:1.3.1_18:::::::*
cpe:2.3:a:sun:sdk:1.3.1_19:::::::*
cpe:2.3:a:sun:sdk:1.3.1_20:::::::*
cpe:2.3:a:sun:sdk:1.3.1_21:::::::*
cpe:2.3:a:sun:sdk:1.3.1_22:::::::*
cpe:2.3:a:sun:sdk:1.3.1_23:::::::*
cpe:2.3:a:sun:sdk:1.4.2:::::::*
cpe:2.3:a:sun:sdk:1.4.2_1:::::::*
cpe:2.3:a:sun:sdk:1.4.2_02:::::::*
cpe:2.3:a:sun:sdk:1.4.2_2:::::::*
cpe:2.3:a:sun:sdk:1.4.2_03:::::::*
cpe:2.3:a:sun:sdk:1.4.2_3:::::::*
cpe:2.3:a:sun:sdk:1.4.2_04:::::::*
cpe:2.3:a:sun:sdk:1.4.2_4:::::::*
cpe:2.3:a:sun:sdk:1.4.2_5:::::::*
cpe:2.3:a:sun:sdk:1.4.2_6:::::::*
cpe:2.3:a:sun:sdk:1.4.2_7:::::::*
cpe:2.3:a:sun:sdk:1.4.2_08:::::::*
cpe:2.3:a:sun:sdk:1.4.2_8:::::::*
cpe:2.3:a:sun:sdk:1.4.2_09:::::::*
cpe:2.3:a:sun:sdk:1.4.2_9:::::::*
cpe:2.3:a:sun:sdk:1.4.2_10:::::::*
cpe:2.3:a:sun:sdk:1.4.2_11:::::::*
cpe:2.3:a:sun:sdk:1.4.2_12:::::::*
cpe:2.3:a:sun:sdk:1.4.2_13:::::::*
cpe:2.3:a:sun:sdk:1.4.2_14:::::::*
cpe:2.3:a:sun:sdk:1.4.2_15:::::::*
cpe:2.3:a:sun:sdk:1.4.2_16:::::::*
cpe:2.3:a:sun:sdk:1.4.2_17:::::::*
cpe:2.3:a:sun:sdk:1.4.2_18:::::::*