Details of VAR-200808-0175

ID

VAR-200808-0175

CVE

CVE-2008-3551

TITLE

Sun Wireless Toolkit Included with Sun Java Platform Micro Edition Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2008-006114

DESCRIPTION

Multiple unspecified vulnerabilities in Sun Java Platform Micro Edition (aka Java ME, J2ME, or mobile Java), as distributed in Sun Wireless Toolkit 2.5.2, allow remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Successful exploits will completely compromise devices running the affected software. We were not told which versions are affected. We will update this BID as more information emerges. There are multiple unidentified vulnerabilities in JavaME

Trust: 1.98

sources: NVD: CVE-2008-3551 // JVNDB: JVNDB-2008-006114 // BID: 30591 // VULHUB: VHN-33676

AFFECTED PRODUCTS

vendor:	sun	model:	wireless toolkit	scope:	eq	version:	2.5.2	Trust: 1.6
vendor:	sun	model:	java platform micro edition	scope:	eq	version:	*	Trust: 1.0
vendor:	sun microsystems	model:	java platform micro edition	scope:	-	version:	-	Trust: 0.8
vendor:	sun microsystems	model:	wireless toolkit	scope:	eq	version:	2.5.2	Trust: 0.8
vendor:	sun	model:	java platform micro edition	scope:	-	version:	-	Trust: 0.6
vendor:	sun	model:	java wireless toolkit	scope:	eq	version:	2.5.2	Trust: 0.3
vendor:	sun	model:	java micro edition	scope:	eq	version:	2	Trust: 0.3
vendor:	nokia	model:	series	scope:	eq	version:	400	Trust: 0.3

sources: BID: 30591 // JVNDB: JVNDB-2008-006114 // CNNVD: CNNVD-200808-100 // NVD: CVE-2008-3551

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-3551
value:	HIGH
Trust: 1.0
NVD:	CVE-2008-3551
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200808-100
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-33676
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2008-3551
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-33676
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-33676 // JVNDB: JVNDB-2008-006114 // CNNVD: CNNVD-200808-100 // NVD: CVE-2008-3551

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2008-3551

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200808-100

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200808-100

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-006114

PATCH

title:

Top Page

url:

http://www.oracle.com/us/sun/index.htm

Trust: 0.8

sources: JVNDB: JVNDB-2008-006114

EXTERNAL IDS

db:	NVD	id:	CVE-2008-3551	Trust: 2.8
db:	BID	id:	30591	Trust: 2.0
db:	JVNDB	id:	JVNDB-2008-006114	Trust: 0.8
db:	BUGTRAQ	id:	20080807 [SE-2008-01] J2ME SECURITY VULNERABILITIES 2008	Trust: 0.6
db:	XF	id:	44478	Trust: 0.6
db:	CNNVD	id:	CNNVD-200808-100	Trust: 0.6
db:	VULHUB	id:	VHN-33676	Trust: 0.1

sources: VULHUB: VHN-33676 // BID: 30591 // JVNDB: JVNDB-2008-006114 // CNNVD: CNNVD-200808-100 // NVD: CVE-2008-3551

REFERENCES

url:	http://www.securityfocus.com/bid/30591	Trust: 1.7
url:	http://www.security-explorations.com/n2press.htm	Trust: 1.7
url:	http://www.security-explorations.com/n2srp.htm	Trust: 1.7
url:	http://www.security-explorations.com/n2vendors.htm	Trust: 1.7
url:	http://www.security-explorations.com/report_toc.pdf	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/495224/100/0/threaded	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/44478	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3551	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3551	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/44478	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/495224/100/0/threaded	Trust: 0.6
url:	http://java.sun.com/javame/index.jsp	Trust: 0.3
url:	/archive/1/495224	Trust: 0.3

sources: VULHUB: VHN-33676 // BID: 30591 // JVNDB: JVNDB-2008-006114 // CNNVD: CNNVD-200808-100 // NVD: CVE-2008-3551

CREDITS

Security Explorations

Trust: 0.9

sources: BID: 30591 // CNNVD: CNNVD-200808-100

SOURCES

db:	VULHUB	id:	VHN-33676
db:	BID	id:	30591
db:	JVNDB	id:	JVNDB-2008-006114
db:	CNNVD	id:	CNNVD-200808-100
db:	NVD	id:	CVE-2008-3551

LAST UPDATE DATE

2025-04-10T23:07:12.864000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-33676	date:	2018-10-11T00:00:00
db:	BID	id:	30591	date:	2016-07-05T21:38:00
db:	JVNDB	id:	JVNDB-2008-006114	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200808-100	date:	2008-09-11T00:00:00
db:	NVD	id:	CVE-2008-3551	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-33676	date:	2008-08-08T00:00:00
db:	BID	id:	30591	date:	2008-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2008-006114	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200808-100	date:	2008-08-08T00:00:00
db:	NVD	id:	CVE-2008-3551	date:	2008-08-08T19:41:00