VDB

ANCHORE-2008-5355

ANCHORE-2008-5355 PUBLISHED

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.

Affected Products

VendorProductVersions
Oracle CorporationOracle Java SE1.9, 0, 0
Oracle CorporationOpenJDK1.9, 0, 0

Timeline

  • Dec 5, 2008 CVE Published
  • Aug 7, 2024 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›