474786 – (CVE-2008-5341) CVE-2008-5341 Java Web Start exposes username and the pathname of the JWS cache

Bug 474786 (CVE-2008-5341) - CVE-2008-5341 Java Web Start exposes username and the pathname of the JWS cache

Summary: CVE-2008-5341 Java Web Start exposes username and the pathname of the JWS cache

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2008-5341
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	479822 479823 489679 489680
Blocks:
TreeView+	depends on / blocked

Reported:	2008-12-05 12:00 UTC by Marc Schoenefeld
Modified:	2019-09-29 12:27 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-12-25 17:06:18 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2009:0016	0	normal	SHIPPED_LIVE	Critical: java-1.5.0-ibm security update	2009-01-13 21:39:54 UTC
Red Hat Product Errata	RHSA-2009:0369	0	normal	SHIPPED_LIVE	Critical: java-1.6.0-ibm security update	2009-03-25 14:52:47 UTC

Description Marc Schoenefeld 2008-12-05 12:00:15 UTC

Name: CVE-2008-5341
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5341
Reference: SUNALERT:244988
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in
with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0
Update 16 and earlier, allows untrusted JWS applications to obtain the
pathname of the JWS cache and the application username via unknown
vectors.

Comment 1 Jan Lieskovsky 2008-12-08 09:06:28 UTC

Another mention of this issue:

http://secunia.com/advisories/32991/ (Point 7) )

Comment 4 errata-xmlrpc 2009-03-25 14:52:32 UTC

This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2009:0369 https://rhn.redhat.com/errata/RHSA-2009-0369.html

Comment 5 Vincent Danen 2010-12-25 17:06:18 UTC

This was addressed via:

Red Hat Enterprise Linux version 4 Extras (java-1.6.0-sun) RHSA-2008:1018
RHEL Supplementary version 5 (java-1.6.0-sun) RHSA-2008:1018
Red Hat Enterprise Linux version 4 Extras (java-1.5.0-sun) RHSA-2008:1025
RHEL Supplementary version 5 (java-1.5.0-sun) RHSA-2008:1025
Red Hat Enterprise Linux version 4 Extras (java-1.5.0-ibm) RHSA-2009:0016
RHEL Supplementary version 5 (java-1.5.0-ibm) RHSA-2009:0016
Red Hat Enterprise Linux version 4 Extras (java-1.6.0-ibm) RHSA-2009:0369
RHEL Supplementary version 5 (java-1.6.0-ibm) RHSA-2009:0369

Note You need to log in before you can comment on or make changes to this bug.