Bug 454601 (CVE-2008-3104)

Summary: CVE-2008-3104 Java RE allows Same Origin Policy to be Bypassed (6687932)
Product: [Other] Security Response Reporter: Marc Schoenefeld <mschoene>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: kreilly
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-26 16:07:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 454628, 454632, 454633, 456880, 456881, 457470, 462076, 462486, 466734, 466735, 466736, 475760, 475765, 475766, 475767, 475768, 475769, 475819, 529660, 529661    
Bug Blocks:    

Description Marc Schoenefeld 2008-07-09 09:29:16 UTC 
Security vulnerabilities in the Java Runtime Environment may allow an untrusted
applet that is loaded from a remote system to circumvent network access
restrictions and establish socket connections to certain services running on the
local host, as if it were loaded from the system that the applet is running on.
This may allow the untrusted remote applet the ability to exploit any security
vulnerabilities existing in the services it has connected to.
Comment 13 Vincent Danen 2013-03-26 16:07:21 UTC 
This was resolved via:

http://rhn.redhat.com/errata/RHSA-2008-0595.html (RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0955.html (RHEL3, RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0790.html (RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0636.html (Satellite 5.1)
http://rhn.redhat.com/errata/RHSA-2008-0638.html (Satellite 5.1)
http://rhn.redhat.com/errata/RHSA-2008-0906.html (RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0594.html (RHEL4, RHEL5)