VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 9, 2008· Updated Apr 23, 2026

CVE-2008-3115

CVE-2008-3115

Description

Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Secure Static Versioning in Sun Java JDK/JRE improperly allows applets to execute on older JRE releases, enabling exploitation of known vulnerabilities.

Vulnerability

The Secure Static Versioning mechanism in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases [1][2]. This allows a Java applet to run on a less recent version of the JRE than intended, bypassing the static version check and potentially exposing known vulnerabilities in the older release.

Exploitation

An attacker can host a malicious webpage containing a Java applet that exploits this flaw. When a user visits the page with a vulnerable Java plugin enabled, the applet can be executed on an older, vulnerable JRE version, allowing the attacker to leverage security issues present in that older release [1].

Impact

Successful exploitation enables the attacker to execute arbitrary code within the context of the older JRE, potentially leading to system compromise, information disclosure, or other impacts depending on the specific vulnerabilities in the targeted older JRE version [2].

Mitigation

Sun released fixes in later versions: Java 6 Update 7 and later, and Java 5.0 Update 16 and later. VMware products, including VirtualCenter 2.5 Update 3, also addressed this issue by updating the bundled Java JRE packages [1][2]. Users should update to the latest supported Java version and apply vendor-specific patches.

References
  1. 'VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and'
  2. Support Content Notification - Support Portal - Broadcom support portal

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

34
  • Sun Corporation/Jdk16 versions
    cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*+ 15 more
    • cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jdk:*:update_6:*:*:*:*:*:*range: <=6
  • Sun Corporation/Jre16 versions
    cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*+ 15 more
    • cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*
    • cpe:2.3:a:sun:jre:*:update_6:*:*:*:*:*:*range: <=6
  • Sun Corporation/Java JDKllm-create
    Range: <=6u6, >=5.0u6 <=5.0u15
  • Oracle Corporation/Java JREllm-fuzzy
    Range: <=6u6, >=5.0u6 <=5.0u15

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

21

News mentions

0

No linked articles in our index yet.