Definition
New Search
Sun Java Runtime Environment Java Update Fails to Validate Digital Signatures
oval:org.mitre.oval:def:5664
The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.
Family:
unix
Status:
ACCEPTED
Platform(s):
- VMWare ESX Server 3.5
Class:
vulnerability
Reference(s):
- CVE-2008-5355
Product(s):