CVE-2008-0628

Publication date 6 February 2008

Last updated 24 July 2024

Description

The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
sun-java5	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected
sun-java6	8.10 intrepid	Fixed 6-04-1
	8.04 LTS hardy	Fixed 6-04-1
	7.10 gutsy	Ignored end of life, was needed
	7.04 feisty	Ignored end of life, was needed
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2008-0628

CVE-2008-0628

Description

Status

References

Other references

Access our resources on patching vulnerabilities