{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_vex", "csaf_version": "2.0", "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "title": "OpenJDK applet privilege escalation via JAX package access (6592792)", "tracking": { "current_release_date": "2026-05-12T15:07:32+00:00", "generator": { "date": "2026-05-12T15:07:32+00:00", "engine": { "name": "CSAF Generator", "version": "2.0.1" } }, "id": "CVE-2008-5347", "initial_release_date": "2008-12-03T00:00:00+00:00", "revision_history": [ { "date": "2026-05-12T15:07:32+00:00", "number": "1", "summary": "Last generated version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "category": "vendor", "name": "Red Hat", "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux 5.11", "product": { "name": "Red Hat Enterprise Linux 5.11", "product_id": "rhel-5-els.extras::client", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux 5.11", "product": { "name": "Red Hat Enterprise Linux 5.11", "product_id": "rhel-5-els.extras::server", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::server" } } }, { "category": "product_version", "name": "java", "product": { "name": "java", "product_id": "java-1:1.6.0-ibm-1.6.0.3-1jpp.1.el5", "product_identification_helper": { "purl": "pkg:rpm/redhat/java@1.6.0-ibm-1.6.0.3-1jpp.1.el5?epoch=1" } } }, { "category": "product_version", "name": "java", "product": { "name": "java", "product_id": "java-1:1.6.0-sun-1.6.0.11-1jpp.1.el5", "product_identification_helper": { "purl": "pkg:rpm/redhat/java@1.6.0-sun-1.6.0.11-1jpp.1.el5?epoch=1" } } } ] } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1:1.6.0-ibm-1.6.0.3-1jpp.1.el5 as a component of Red Hat Enterprise Linux 5.11", "product_id": "rhel-5-els.extras::server:java-1:1.6.0-ibm-1.6.0.3-1jpp.1.el5" }, "product_reference": "java-1:1.6.0-ibm-1.6.0.3-1jpp.1.el5", "relates_to_product_reference": "rhel-5-els.extras::server" }, { "category": "default_component_of", "full_product_name": { "name": "java-1:1.6.0-ibm-1.6.0.3-1jpp.1.el5 as a component of Red Hat Enterprise Linux 5.11", "product_id": "rhel-5-els.extras::client:java-1:1.6.0-ibm-1.6.0.3-1jpp.1.el5" }, "product_reference": "java-1:1.6.0-ibm-1.6.0.3-1jpp.1.el5", "relates_to_product_reference": "rhel-5-els.extras::client" }, { "category": "default_component_of", "full_product_name": { "name": "java-1:1.6.0-sun-1.6.0.11-1jpp.1.el5 as a component of Red Hat Enterprise Linux 5.11", "product_id": "rhel-5-els.extras::server:java-1:1.6.0-sun-1.6.0.11-1jpp.1.el5" }, "product_reference": "java-1:1.6.0-sun-1.6.0.11-1jpp.1.el5", "relates_to_product_reference": "rhel-5-els.extras::server" }, { "category": "default_component_of", "full_product_name": { "name": "java-1:1.6.0-sun-1.6.0.11-1jpp.1.el5 as a component of Red Hat Enterprise Linux 5.11", "product_id": "rhel-5-els.extras::client:java-1:1.6.0-sun-1.6.0.11-1jpp.1.el5" }, "product_reference": "java-1:1.6.0-sun-1.6.0.11-1jpp.1.el5", "relates_to_product_reference": "rhel-5-els.extras::client" } ] }, "vulnerabilities": [ { "cve": "CVE-2008-5347", "discovery_date": "2008-11-18T00:00:00+00:00", "notes": [ { "category": "description", "text": "Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "rhel-5-els.extras::client:java-1:1.6.0-ibm-1.6.0.3-1jpp.1.el5", "rhel-5-els.extras::client:java-1:1.6.0-sun-1.6.0.11-1jpp.1.el5", "rhel-5-els.extras::server:java-1:1.6.0-ibm-1.6.0.3-1jpp.1.el5", "rhel-5-els.extras::server:java-1:1.6.0-sun-1.6.0.11-1jpp.1.el5" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2008-5347" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5347" }, { "category": "external", "summary": "www.cve.org", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5347" } ], "remediations": [ { "category": "vendor_fix", "date": "2008-12-04T10:45:50+00:00", "details": "Apply advisory RHSA-2008:1018 as per vendors instructions.", "product_ids": [ "rhel-5-els.extras::client:java-1:1.6.0-sun-1.6.0.11-1jpp.1.el5", "rhel-5-els.extras::server:java-1:1.6.0-sun-1.6.0.11-1jpp.1.el5" ], "url": "https://access.redhat.com/errata/RHSA-2008:1018" }, { "category": "vendor_fix", "date": "2009-01-13T16:33:26+00:00", "details": "Apply advisory RHSA-2009:0015 as per vendors instructions.", "product_ids": [ "rhel-5-els.extras::client:java-1:1.6.0-ibm-1.6.0.3-1jpp.1.el5", "rhel-5-els.extras::server:java-1:1.6.0-ibm-1.6.0.3-1jpp.1.el5" ], "url": "https://access.redhat.com/errata/RHSA-2009:0015" } ], "threats": [ { "category": "impact", "details": "Critical", "product_ids": [ "rhel-5-els.extras::client:java-1:1.6.0-ibm-1.6.0.3-1jpp.1.el5", "rhel-5-els.extras::client:java-1:1.6.0-sun-1.6.0.11-1jpp.1.el5", "rhel-5-els.extras::server:java-1:1.6.0-ibm-1.6.0.3-1jpp.1.el5", "rhel-5-els.extras::server:java-1:1.6.0-sun-1.6.0.11-1jpp.1.el5" ] } ], "title": "OpenJDK applet privilege escalation via JAX package access (6592792)" } ] }