CVE-2008-5341 Information

Description

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier and JDK and JRE 5.0 Update 16 and earlier allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors aka CR 6727071.

Reference

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://rhn.redhat.com/errata/RHSA-2008-1025.html http://secunia.com/advisories/32991 http://secunia.com/advisories/33015 http://secunia.com/advisories/33710 http://secunia.com/advisories/34233 http://secunia.com/advisories/34447 http://secunia.com/advisories/34605 http://secunia.com/advisories/37386 http://secunia.com/advisories/38539 http://security.gentoo.org/glsa/glsa-200911-02.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1 http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid= http://www.redhat.com/support/errata/RHSA-2009-0016.html http://www.redhat.com/support/errata/RHSA-2009-0369.html http://www.us-cert.gov/cas/techalerts/TA08-340A.html http://www.vupen.com/english/advisories/2008/3339 http://www.vupen.com/english/advisories/2009/0672 http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6529