VYPR
Unrated severityNVD Advisory· Published Aug 1, 2008· Updated Jun 16, 2026

CVE-2008-3440

CVE-2008-3440

Description

Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

Affected products

5
  • cpe:2.3:a:sun:java:*:03:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:sun:java:*:03:*:*:*:*:*:*range: <=1.6.0
    • cpe:2.3:a:sun:java:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:java:1.6.0:01:*:*:*:*:*:*
    • cpe:2.3:a:sun:java:1.6.0:02:*:*:*:*:*:*
    • (no CPE)range: <=1.6.0_03

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.