CVE-2008-0628: CVE-2008-0628

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2008-0628

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Sun Java运行时环境拒绝服务攻击漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Solaris系统的Java运行时环境(JRE)为JAVA应用程序提供可靠的运行环境。 JRE在处理外部实体引用时存在漏洞，攻击者可能利用此漏洞通过诱使用户处理恶意XML文档访问某些URL或导致拒绝服务。默认下Java运行时环境(JRE)允许处理外部实体引用。如果要禁止处理外部实体引用，站点可以将external general entities属性设置为FALSE。JRE中的漏洞允许即使在将external general entities属性设置为FALSE的情况下仍允许处理外部实体引用，如果用户受

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2008-0628

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2008-0628

Please Login to view more intelligence information

http://scary.beasts.org/security/CESA-2007-002.htmlx_refsource_MISC
http://securityreason.com/securityalert/3621third-party-advisoryx_refsource_SREASON
http://www.securityfocus.com/bid/27553vdb-entryx_refsource_BID
http://secunia.com/advisories/30780third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/29858third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/28746third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/29841third-party-advisoryx_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1vendor-advisoryx_refsource_SUNALERT
http://www.securitytracker.com/id?1019292vdb-entryx_refsource_SECTRACK
http://dev2dev.bea.com/pub/advisory/277vendor-advisoryx_refsource_BEA
http://www.vupen.com/english/advisories/2008/1252vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/0371vdb-entryx_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2008-0245.htmlvendor-advisoryx_refsource_REDHAT
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xmlvendor-advisoryx_refsource_GENTOO
http://security.gentoo.org/glsa/glsa-200804-28.xmlvendor-advisoryx_refsource_GENTOO
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xmlvendor-advisoryx_refsource_GENTOO
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9847vdb-entrysignaturex_refsource_OVAL
http://www.securityfocus.com/archive/1/487434/100/0/threadedmailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2008-0628

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2008-0628

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2008-0628

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2008-0628

III. Intelligence Information for CVE-2008-0628

IV. Related Vulnerabilities

V. Comments for CVE-2008-0628

Leave a comment