What is CVE-2008-5353?

CVE-2008-5353 is a vulnerability in N/a. Published 2008-12-05.

Is CVE-2008-5353 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2008-5353

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which…

EPSS: 0.895 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

SSRT090049 (x_refsource_HP, vendor-advisory)
SUSE-SA:2009:018 (vendor-advisory, x_refsource_SUSE)
34259 (x_refsource_SECUNIA, third-party-advisory)
ADV-2009-0672 (vdb-entry, x_refsource_VUPEN)
RHSA-2008:1018 (x_refsource_REDHAT, vendor-advisory)
33015 (x_refsource_SECUNIA, third-party-advisory)
support.avaya.com/elmodocs2/security/ASA-2009-012.htm (x_refsource_CONFIRM)
34889 (x_refsource_SECUNIA, third-party-advisory)
34233 (x_refsource_SECUNIA, third-party-advisory)
1021313 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2008-5353?: CVE-2008-5353 is a vulnerability in N/a. Published 2008-12-05.
Is CVE-2008-5353 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.