Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.8
CVE Id CVE-2008-0628
Last Modified 07 Mar 2011 10:05:01
Published 06 Feb 2008 04:00:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0628

Summary

The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.

Vulnerable Systems

Application

  • Sun JDK 1.6

  • Sun JRE 1.6.0


References

SECUNIA - 28746

VUPEN - ADV-2008-1252

VUPEN - ADV-2008-0371

SECTRACK - 1019292

BUGTRAQ - 20080202 Sun JRE / JDK bug introduces XXE possibilities

GENTOO - GLSA-200806-11

SUNALERT - 231246

SECUNIA - 30780

MISC - http://scary.beasts.org/security/CESA-2007-002.html

BID - 27553

REDHAT - RHSA-2008:0245

GENTOO - GLSA-200804-20

SREASON - 3621

GENTOO - GLSA-200804-28

SECUNIA - 29858

SECUNIA - 29841

BEA - BEA08-201.00


Last Updated: 27 May 2016 10:46:52