CVE-2008-5341

NameCVE-2008-5341
DescriptionUnspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs508194, 508195

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openjdk-6source(unstable)(not affected)
sun-java5source(unstable)1.5.0-17-0.1medium508194
sun-java5sourcelenny1.5.0-22-0lenny1medium
sun-java6source(unstable)6-12-1medium508195
sun-java6sourcelenny6-20-0lenny1medium

Notes

[etch] - sun-java5 <no-dsa> (Non-free not supported)
- openjdk-6 <not-affected> (browser plugin is different code base)

Search for package or bug name: Reporting problems