Description
Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892.
Published: 2008-12-05
Score: 9.3 Critical
EPSS: 28.6% Moderate
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=123678756409861&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=126583436323697&w=2 cve-icon cve-icon
http://osvdb.org/50510 cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2008-1025.html cve-icon cve-icon
http://secunia.com/advisories/32991 cve-icon cve-icon
http://secunia.com/advisories/33015 cve-icon cve-icon
http://secunia.com/advisories/33528 cve-icon cve-icon
http://secunia.com/advisories/33710 cve-icon cve-icon
http://secunia.com/advisories/34233 cve-icon cve-icon
http://secunia.com/advisories/34605 cve-icon cve-icon
http://secunia.com/advisories/34889 cve-icon cve-icon
http://secunia.com/advisories/35065 cve-icon cve-icon
http://secunia.com/advisories/37386 cve-icon cve-icon
http://secunia.com/advisories/38539 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200911-02.xml cve-icon cve-icon
http://securityreason.com/securityalert/4693 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1 cve-icon cve-icon
http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm cve-icon cve-icon
http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm cve-icon cve-icon
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid= cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2008-1018.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2009-0015.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2009-0016.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2009-0445.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/498907/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/32620 cve-icon cve-icon
http://www.securitytracker.com/id?1021318 cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA08-340A.html cve-icon cve-icon
http://www.vsecurity.com/bulletins/advisories/2008/JWS-props.txt cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/0424 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/0672 cve-icon cve-icon
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2008-2086 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5601 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2008-2086 cve-icon
History

No history.

Subscriptions

Redhat Network Satellite Rhel Extras
Sun Jdk Jre Sdk
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-07T08:49:57.423Z

Reserved: 2008-05-06T00:00:00.000Z

Link: CVE-2008-2086

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2008-12-05T02:30:00.190

Modified: 2026-04-23T00:35:47.467

Link: CVE-2008-2086

cve-icon Redhat

Severity : Important

Publid Date: 2008-12-04T00:00:00Z

Links: CVE-2008-2086 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses