CVE-2008-5355

The Java Update feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Jdk	Sun	*	5.0 (including)
Jdk	Sun	*	6 (including)
Jdk	Sun	5.0-update_1 (including)	5.0-update_1 (including)
Jdk	Sun	5.0-update_10 (including)	5.0-update_10 (including)
Jdk	Sun	5.0-update_11 (including)	5.0-update_11 (including)
Jdk	Sun	5.0-update_12 (including)	5.0-update_12 (including)
Jdk	Sun	5.0-update_13 (including)	5.0-update_13 (including)
Jdk	Sun	5.0-update_14 (including)	5.0-update_14 (including)
Jdk	Sun	5.0-update_15 (including)	5.0-update_15 (including)
Jdk	Sun	5.0-update_2 (including)	5.0-update_2 (including)
Jdk	Sun	5.0-update_3 (including)	5.0-update_3 (including)
Jdk	Sun	5.0-update_4 (including)	5.0-update_4 (including)
Jdk	Sun	5.0-update_5 (including)	5.0-update_5 (including)
Jdk	Sun	5.0-update_6 (including)	5.0-update_6 (including)
Jdk	Sun	5.0-update_7 (including)	5.0-update_7 (including)
Jdk	Sun	5.0-update_8 (including)	5.0-update_8 (including)
Jdk	Sun	5.0-update_9 (including)	5.0-update_9 (including)
Jdk	Sun	6 (including)	6 (including)
Jdk	Sun	6-update_1 (including)	6-update_1 (including)
Jdk	Sun	6-update_2 (including)	6-update_2 (including)
Jdk	Sun	6-update_3 (including)	6-update_3 (including)
Jdk	Sun	6-update_4 (including)	6-update_4 (including)
Jdk	Sun	6-update_5 (including)	6-update_5 (including)
Jdk	Sun	6-update_6 (including)	6-update_6 (including)
Jdk	Sun	6-update_7 (including)	6-update_7 (including)
Jdk	Sun	6-update_8 (including)	6-update_8 (including)
Jdk	Sun	6-update_9 (including)	6-update_9 (including)
Jre	Sun	*	1.4.2_18 (including)
Jre	Sun	*	5.0 (including)
Jre	Sun	*	6 (including)
Jre	Sun	1.4.2_1 (including)	1.4.2_1 (including)
Jre	Sun	1.4.2_2 (including)	1.4.2_2 (including)
Jre	Sun	1.4.2_3 (including)	1.4.2_3 (including)
Jre	Sun	1.4.2_4 (including)	1.4.2_4 (including)
Jre	Sun	1.4.2_5 (including)	1.4.2_5 (including)
Jre	Sun	1.4.2_6 (including)	1.4.2_6 (including)
Jre	Sun	1.4.2_7 (including)	1.4.2_7 (including)
Jre	Sun	1.4.2_8 (including)	1.4.2_8 (including)
Jre	Sun	1.4.2_9 (including)	1.4.2_9 (including)
Jre	Sun	1.4.2_10 (including)	1.4.2_10 (including)
Jre	Sun	1.4.2_11 (including)	1.4.2_11 (including)
Jre	Sun	1.4.2_12 (including)	1.4.2_12 (including)
Jre	Sun	1.4.2_13 (including)	1.4.2_13 (including)
Jre	Sun	1.4.2_14 (including)	1.4.2_14 (including)
Jre	Sun	1.4.2_15 (including)	1.4.2_15 (including)
Jre	Sun	1.4.2_16 (including)	1.4.2_16 (including)
Jre	Sun	1.4.2_17 (including)	1.4.2_17 (including)
Jre	Sun	5.0 (including)	5.0 (including)
Jre	Sun	5.0-update_1 (including)	5.0-update_1 (including)
Jre	Sun	5.0-update_10 (including)	5.0-update_10 (including)
Jre	Sun	5.0-update_11 (including)	5.0-update_11 (including)
Jre	Sun	5.0-update_12 (including)	5.0-update_12 (including)
Jre	Sun	5.0-update_13 (including)	5.0-update_13 (including)
Jre	Sun	5.0-update_14 (including)	5.0-update_14 (including)
Jre	Sun	5.0-update_15 (including)	5.0-update_15 (including)
Jre	Sun	5.0-update_2 (including)	5.0-update_2 (including)
Jre	Sun	5.0-update_3 (including)	5.0-update_3 (including)
Jre	Sun	5.0-update_4 (including)	5.0-update_4 (including)
Jre	Sun	5.0-update_5 (including)	5.0-update_5 (including)
Jre	Sun	5.0-update_6 (including)	5.0-update_6 (including)
Jre	Sun	5.0-update_7 (including)	5.0-update_7 (including)
Jre	Sun	5.0-update_8 (including)	5.0-update_8 (including)
Jre	Sun	5.0-update_9 (including)	5.0-update_9 (including)
Jre	Sun	6 (including)	6 (including)
Jre	Sun	6-update_1 (including)	6-update_1 (including)
Jre	Sun	6-update_2 (including)	6-update_2 (including)
Jre	Sun	6-update_3 (including)	6-update_3 (including)
Jre	Sun	6-update_4 (including)	6-update_4 (including)
Jre	Sun	6-update_5 (including)	6-update_5 (including)
Jre	Sun	6-update_6 (including)	6-update_6 (including)
Jre	Sun	6-update_7 (including)	6-update_7 (including)
Jre	Sun	6-update_8 (including)	6-update_8 (including)
Jre	Sun	6-update_9 (including)	6-update_9 (including)
Sdk	Sun	*	1.4.2_18 (including)
Sdk	Sun	1.4.2_1 (including)	1.4.2_1 (including)
Sdk	Sun	1.4.2_2 (including)	1.4.2_2 (including)
Sdk	Sun	1.4.2_3 (including)	1.4.2_3 (including)
Sdk	Sun	1.4.2_4 (including)	1.4.2_4 (including)
Sdk	Sun	1.4.2_5 (including)	1.4.2_5 (including)
Sdk	Sun	1.4.2_6 (including)	1.4.2_6 (including)
Sdk	Sun	1.4.2_7 (including)	1.4.2_7 (including)
Sdk	Sun	1.4.2_8 (including)	1.4.2_8 (including)
Sdk	Sun	1.4.2_9 (including)	1.4.2_9 (including)
Sdk	Sun	1.4.2_10 (including)	1.4.2_10 (including)
Sdk	Sun	1.4.2_11 (including)	1.4.2_11 (including)
Sdk	Sun	1.4.2_12 (including)	1.4.2_12 (including)
Sdk	Sun	1.4.2_13 (including)	1.4.2_13 (including)
Sdk	Sun	1.4.2_14 (including)	1.4.2_14 (including)
Sdk	Sun	1.4.2_15 (including)	1.4.2_15 (including)
Sdk	Sun	1.4.2_16 (including)	1.4.2_16 (including)
Sdk	Sun	1.4.2_17 (including)	1.4.2_17 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-5355
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

References

CVE-2008-5355

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References