ID CVE-2009-3865
Summary The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.
References
Vulnerable Configurations
  • Sun JDK 6 Update 1
    cpe:2.3:a:sun:jdk:1.6.0:update1
  • cpe:2.3:a:sun:jdk:1.6.0:update10
    cpe:2.3:a:sun:jdk:1.6.0:update10
  • cpe:2.3:a:sun:jdk:1.6.0:update11
    cpe:2.3:a:sun:jdk:1.6.0:update11
  • cpe:2.3:a:sun:jdk:1.6.0:update12
    cpe:2.3:a:sun:jdk:1.6.0:update12
  • cpe:2.3:a:sun:jdk:1.6.0:update13
    cpe:2.3:a:sun:jdk:1.6.0:update13
  • cpe:2.3:a:sun:jdk:1.6.0:update14
    cpe:2.3:a:sun:jdk:1.6.0:update14
  • cpe:2.3:a:sun:jdk:1.6.0:update15
    cpe:2.3:a:sun:jdk:1.6.0:update15
  • cpe:2.3:a:sun:jdk:1.6.0:update16
    cpe:2.3:a:sun:jdk:1.6.0:update16
  • Sun JDK 1.6.0_01-b06
    cpe:2.3:a:sun:jdk:1.6.0:update1_b06
  • Sun JDK 6 Update 2
    cpe:2.3:a:sun:jdk:1.6.0:update2
  • cpe:2.3:a:sun:jdk:1.6.0:update3
    cpe:2.3:a:sun:jdk:1.6.0:update3
  • cpe:2.3:a:sun:jdk:1.6.0:update4
    cpe:2.3:a:sun:jdk:1.6.0:update4
  • cpe:2.3:a:sun:jdk:1.6.0:update5
    cpe:2.3:a:sun:jdk:1.6.0:update5
  • cpe:2.3:a:sun:jdk:1.6.0:update6
    cpe:2.3:a:sun:jdk:1.6.0:update6
  • cpe:2.3:a:sun:jdk:1.6.0:update7
    cpe:2.3:a:sun:jdk:1.6.0:update7
  • cpe:2.3:a:sun:jdk:1.6.0:update8
    cpe:2.3:a:sun:jdk:1.6.0:update8
  • cpe:2.3:a:sun:jdk:1.6.0:update9
    cpe:2.3:a:sun:jdk:1.6.0:update9
  • cpe:2.3:a:sun:jre:1.6.0:update10
    cpe:2.3:a:sun:jre:1.6.0:update10
  • cpe:2.3:a:sun:jre:1.6.0:update11
    cpe:2.3:a:sun:jre:1.6.0:update11
  • cpe:2.3:a:sun:jre:1.6.0:update12
    cpe:2.3:a:sun:jre:1.6.0:update12
  • cpe:2.3:a:sun:jre:1.6.0:update13
    cpe:2.3:a:sun:jre:1.6.0:update13
  • cpe:2.3:a:sun:jre:1.6.0:update14
    cpe:2.3:a:sun:jre:1.6.0:update14
  • cpe:2.3:a:sun:jre:1.6.0:update15
    cpe:2.3:a:sun:jre:1.6.0:update15
  • cpe:2.3:a:sun:jre:1.6.0:update16
    cpe:2.3:a:sun:jre:1.6.0:update16
  • cpe:2.3:a:sun:jre:1.6.0:update4
    cpe:2.3:a:sun:jre:1.6.0:update4
  • cpe:2.3:a:sun:jre:1.6.0:update5
    cpe:2.3:a:sun:jre:1.6.0:update5
  • cpe:2.3:a:sun:jre:1.6.0:update6
    cpe:2.3:a:sun:jre:1.6.0:update6
  • cpe:2.3:a:sun:jre:1.6.0:update7
    cpe:2.3:a:sun:jre:1.6.0:update7
  • cpe:2.3:a:sun:jre:1.6.0:update8
    cpe:2.3:a:sun:jre:1.6.0:update8
  • cpe:2.3:a:sun:jre:1.6.0:update9
    cpe:2.3:a:sun:jre:1.6.0:update9
  • Sun JRE 1.6.0 Update 1
    cpe:2.3:a:sun:jre:1.6.0:update_1
  • Sun JRE 1.6.0 Update 2
    cpe:2.3:a:sun:jre:1.6.0:update_2
  • Sun JRE 1.6.0 Update 3
    cpe:2.3:a:sun:jre:1.6.0:update_3
CVSS
Base: 9.3 (as of 05-11-2009 - 12:59)
Impact:
Exploitability:
CWE CWE-94
CAPEC
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Manipulating User-Controlled Variables
    This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
metasploit via4
  • description This module exploits a flaw in the setDiffICM function in the Sun JVM. The payload is serialized and passed to the applet via PARAM tags. It must be a native payload. The effected Java versions are JDK and JRE 6 Update 16 and earlier, JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and earlier, and SDK and JRE 1.3.1_26 and earlier. NOTE: Although all of the above versions are reportedly vulnerable, only 1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.
    id MSF:EXPLOIT/MULTI/BROWSER/JAVA_SETDIFFICM_BOF
    last seen 2019-03-30
    modified 2017-07-24
    published 2009-12-17
    reliability Great
    reporter Rapid7
    source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/java_setdifficm_bof.rb
    title Sun Java JRE AWT setDiffICM Buffer Overflow
  • description This module exploits a flaw in the getSoundbank function in the Sun JVM. The payload is serialized and passed to the applet via PARAM tags. It must be a native payload. The effected Java versions are JDK and JRE 6 Update 16 and earlier, JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and earlier, and SDK and JRE 1.3.1_26 and earlier. NOTE: Although all of the above versions are reportedly vulnerable, only 1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.
    id MSF:EXPLOIT/MULTI/BROWSER/JAVA_GETSOUNDBANK_BOF
    last seen 2019-02-12
    modified 2017-07-24
    published 2009-12-11
    reliability Great
    reporter Rapid7
    source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/java_getsoundbank_bof.rb
    title Sun Java JRE getSoundbank file:// URI Buffer Overflow
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200911-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-200911-02 (Sun JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. Impact : A remote attacker could entice a user to open a specially crafted JAR archive, applet, or Java Web Start application, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Furthermore, a remote attacker could cause a Denial of Service affecting multiple services via several vectors, disclose information and memory contents, write or execute local files, conduct session hijacking attacks via GIFAR files, steal cookies, bypass the same-origin policy, load untrusted JAR files, establish network connections to arbitrary hosts and posts via several vectors, modify the list of supported graphics configurations, bypass HMAC-based authentication systems, escalate privileges via several vectors and cause applet code to be executed with older, possibly vulnerable versions of the JRE. NOTE: Some vulnerabilities require a trusted environment, user interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 42834
    published 2009-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42834
    title GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1694.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM 'Security alerts' page listed in the References section. (CVE-2009-0217, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR7 Java release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 43597
    published 2009-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43597
    title RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:1694)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_JAVA_10_6_UPDATE1.NASL
    description The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 1. The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 43003
    published 2009-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43003
    title Mac OS X : Java for Mac OS X 10.6 Update 1
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20091109_JAVA__JDK_1_6_0__ON_SL4_X.NASL
    description CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky) CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968) CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503) CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877 CVE-2009-3869 OpenJDK JRE AWT setDifflCM stack overflow (6872357) CVE-2009-3871 OpenJDK JRE AWT setBytePixels heap overflow (6872358) CVE-2009-3874 OpenJDK ImageI/O JPEG heap overflow (6874643) CVE-2009-3728 OpenJDK ICC_Profile file existence detection information leak (6631533) CVE-2009-3881 OpenJDK resurrected classloaders can still have children (6636650) CVE-2009-3882 CVE-2009-3883 OpenJDK information leaks in mutable variables (6657026,6657138) CVE-2009-3880 OpenJDK UI logging information leakage(6664512) CVE-2009-3879 OpenJDK GraphicsConfiguration information leak(6822057) CVE-2009-3884 OpenJDK zoneinfo file existence information leak (6824265) CVE-2009-3729 JRE TrueType font parsing crash (6815780) CVE-2009-3872 JRE JPEG JFIF Decoder issue (6862969) CVE-2009-3886 JRE REGRESSION:have problem to run JNLP app and applets with signed Jar files (6870531) CVE-2009-3865 java-1.6.0-sun: ACE in JRE Deployment Toolkit (6869752) CVE-2009-3866 java-1.6.0-sun: Privilege escalation in the Java Web Start Installer (6872824) CVE-2009-3867 java-1.5.0-sun, java-1.6.0-sun: Stack-based buffer overflow via a long file: URL argument (6854303) CVE-2009-3868 java-1.5.0-sun, java-1.6.0-sun: Privilege escalation via crafted image file due improper color profiles parsing (6862970) This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the 'Advance notification of Security Updates for Java SE' page from Sun Microsystems, listed in the References section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3729, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886) All running instances of Sun Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60691
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60691
    title Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0002.NASL
    description a. Java JRE Security Update JRE update to version 1.5.0_22, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_22: CVE-2009-3728, CVE-2009-3729, CVE-2009-3864, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886, CVE-2009-3885.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 45386
    published 2010-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45386
    title VMSA-2010-0002 : VMware vCenter update release addresses multiple security issues in Java JRE
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_JAVA-1_6_0-SUN-091113.NASL
    description The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues : CVE-2009-3866:The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that poi nts to an unintended trusted application, aka Bug Id 6872824. CVE-2009-3867: Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. CVE-2009-3869: Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_ 24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357. CVE-2009-3871: Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4. 2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. CVE-2009-3874: Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensi ons in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. CVE-2009-3875: The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital si gnatures, and possibly bypass authentication, via unspecified vectors related to 'timing attack vulnerabilities,' aka Bug Id 6863503. CVE-2009-3876: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1 _27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911. CVE-2009-3877: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1 _27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP header s, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. CVE-2009-3864: The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to lev erage vulnerabilities in older releases of this software, aka Bug Id 6869694. CVE-2009-3865: The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752. CVE-2009-3868: Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x be fore 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. CVE-2009-3872: Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK a nd JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969. CVE-2009-3873: The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2 _24 allows remote attackers to gain privileges via a crafted image file, related to a 'quanization problem,' aka Bug Id 6862968.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42853
    published 2009-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42853
    title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_JAVA-1_6_0-SUN-091113.NASL
    description The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues : CVE-2009-3866:The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that poi nts to an unintended trusted application, aka Bug Id 6872824. CVE-2009-3867: Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. CVE-2009-3869: Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_ 24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357. CVE-2009-3871: Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4. 2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. CVE-2009-3874: Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensi ons in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. CVE-2009-3875: The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital si gnatures, and possibly bypass authentication, via unspecified vectors related to 'timing attack vulnerabilities,' aka Bug Id 6863503. CVE-2009-3876: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1 _27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911. CVE-2009-3877: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1 _27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP header s, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. CVE-2009-3864: The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to lev erage vulnerabilities in older releases of this software, aka Bug Id 6869694. CVE-2009-3865: The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752. CVE-2009-3868: Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x be fore 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. CVE-2009-3872: Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK a nd JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969. CVE-2009-3873: The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2 _24 allows remote attackers to gain privileges via a crafted image file, related to a 'quanization problem,' aka Bug Id 6862968.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42851
    published 2009-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42851
    title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0002_REMOTE.NASL
    description The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the bundled version of the Java Runtime Environment (JRE).
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89736
    published 2016-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89736
    title VMware ESX Java Runtime Environment (JRE) Multiple Vulnerabilities (VMSA-2010-0002) (remote check)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1560.NASL
    description Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the 'Advance notification of Security Updates for Java SE' page from Sun Microsystems, listed in the References section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3729, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886) Users of java-1.6.0-sun should upgrade to these updated packages, which correct these issues. All running instances of Sun Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 42431
    published 2009-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42431
    title RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:1560)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_6_0-SUN-091113.NASL
    description The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues : - The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that poi nts to an unintended trusted application, aka Bug Id 6872824. (CVE-2009-3866) - Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. (CVE-2009-3867) - Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_ 24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357. (CVE-2009-3869) - Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4. 2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. (CVE-2009-3871) - Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensi ons in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. (CVE-2009-3874) - The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 befor e Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital si gnatures, and possibly bypass authentication, via unspecified vectors related to 'timing attack vulnerabilities,' aka Bug Id 6863503. (CVE-2009-3875) - Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1 _27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911. (CVE-2009-3876) - Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1 _27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP header s, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. (CVE-2009-3877) - The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to lev erage vulnerabilities in older releases of this software, aka Bug Id 6869694. (CVE-2009-3864) - The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752. (CVE-2009-3865) - Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x be fore 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. (CVE-2009-3868) - Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK a nd JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969. (CVE-2009-3872) - The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2 _24 allows remote attackers to gain privileges via a crafted image file, related to a 'quanization problem,' aka Bug Id 6862968. (CVE-2009-3873)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42857
    published 2009-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42857
    title SuSE 11 Security Update : Sun Java 1.6.0 (SAT Patch Number 1542)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_JAVA-1_6_0-SUN-091113.NASL
    description The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues : CVE-2009-3866:The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that poi nts to an unintended trusted application, aka Bug Id 6872824. CVE-2009-3867: Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. CVE-2009-3869: Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_ 24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357. CVE-2009-3871: Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4. 2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. CVE-2009-3874: Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensi ons in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. CVE-2009-3875: The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital si gnatures, and possibly bypass authentication, via unspecified vectors related to 'timing attack vulnerabilities,' aka Bug Id 6863503. CVE-2009-3876: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1 _27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911. CVE-2009-3877: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1 _27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP header s, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. CVE-2009-3864: The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to lev erage vulnerabilities in older releases of this software, aka Bug Id 6869694. CVE-2009-3865: The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752. CVE-2009-3868: Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x be fore 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. CVE-2009-3872: Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK a nd JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969. CVE-2009-3873: The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2 _24 allows remote attackers to gain privileges via a crafted image file, related to a 'quanization problem,' aka Bug Id 6862968.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42855
    published 2009-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42855
    title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_6_0-IBM-100105.NASL
    description IBM Java 6 was updated to Service Refresh 7. The following security issues were fixed : - A vulnerability in the Java Runtime Environment with decoding DER encoded data might allow a remote client to cause the JRE to crash, resulting in a denial of service condition. (CVE-2009-3876 / CVE-2009-3877) - A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3867) - A buffer overflow vulnerability in the Java Runtime Environment with parsing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3868) - An integer overflow vulnerability in the Java Runtime Environment with reading JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3872) - A buffer overflow vulnerability in the Java Runtime Environment with processing JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3873) - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875) - A command execution vulnerability in the Java Runtime Environment Deployment Toolkit might be used to run arbitrary code. This issue might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-3865) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871) - A security vulnerability in the Java Web Start Installer might be used to allow an untrusted Java Web Start application to run as a trusted application and run arbitrary code. This issue might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-3866) - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874) - A vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation included with the Java Runtime Environment (JRE) might allow authentication to be bypassed. Applications that validate HMAC-based XML digital signatures might be vulnerable to this type of attack. (CVE-2009-0217) Note: This vulnerability cannot be exploited by an untrusted applet or Java Web Start application.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 43872
    published 2010-01-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43872
    title SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1748)
  • NASL family Windows
    NASL id SUN_JAVA_JRE_269868.NASL
    description The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 17 / 5.0 Update 22 / 1.4.2_24 / 1.3.1_27. Such versions are potentially affected by the following security issues : - The Java update mechanism on non-English versions does not update the JRE when a new version is available. (269868) - A command execution vulnerability exists in the Java runtime environment deployment toolkit. (269869) - An issue in the Java web start installer may be leveraged to allow an untrusted Java web start application to run as a trusted application. (269870) - Multiple buffer and integer overflow vulnerabilities. (270474) - A security vulnerability in the JRE with verifying HMAC digests may allow authentication to be bypassed. (270475) - Two vulnerabilities in the JRE with decoding DER encoded data and parsing HTTP headers may separately allow a remote client to cause the JRE on the server to run out of memory, resulting in a denial of service. (270476) - A directory traversal vulnerability in the ICC_Profile.getInstance method allows a remote attacker to determine the existence of local International Color Consortium (ICC) profile files. (Bug #6631533) - A denial of service attack is possible via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file. (Bug #6632445) - Resurrected classloaders can still have children, which could allow a remote attacker to gain privileges via unspecified vectors. (Bug #6636650) - The Abstract Window Toolkit (AWT) does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager. (Bug #6664512) - An unspecified vulnerability in TrueType font parsing functionality may lead to a denial of service. (Bug #6815780) - The failure to clone arrays returned by the getConfigurations function could lead to multiple, unspecified vulnerabilities in the X11 and Win32GraphicsDevice subsystems. (Bug #6822057) - The TimeZone.getTimeZone method can be used by a remote attacker to determine the existence of local files via its handling of zoneinfo (aka tz) files. (Bug #6824265) - Java Web Start does not properly handle the interaction between a signed JAR file and a JNLP application or applet. (Bug #6870531)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 42373
    published 2009-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42373
    title Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ..)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_JAVA_10_5_UPDATE6.NASL
    description The remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 6. The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 43002
    published 2009-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43002
    title Mac OS X : Java for Mac OS X 10.5 Update 6
  • NASL family Misc.
    NASL id SUN_JAVA_JRE_269868_UNIX.NASL
    description The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 17 / 5.0 Update 22 / 1.4.2_24 / 1.3.1_27. Such versions are potentially affected by the following security issues : - The Java update mechanism on non-English versions does not update the JRE when a new version is available. (269868) - A command execution vulnerability exists in the Java runtime environment deployment toolkit. (269869) - An issue in the Java web start installer may be leveraged to allow an untrusted Java web start application to run as a trusted application. (269870) - Multiple buffer and integer overflow vulnerabilities exist. (270474) - A security vulnerability in the JRE with verifying HMAC digests may allow authentication to be bypassed. (270475) - Two vulnerabilities in the JRE with decoding DER encoded data and parsing HTTP headers may separately allow a remote client to cause the JRE on the server to run out of memory, resulting in a denial of service. (270476) - A directory traversal vulnerability in the ICC_Profile.getInstance method allows a remote attacker to determine the existence of local International Color Consortium (ICC) profile files. (Bug #6631533) - A denial of service attack is possible via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file. (Bug #6632445) - Resurrected classloaders can still have children, which could allow a remote attacker to gain privileges via unspecified vectors (Bug #6636650) - The Abstract Window Toolkit (AWT) does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager. (Bug #6664512) - An unspecified vulnerability in TrueType font parsing functionality may lead to a denial of service. (Bug #6815780) - The failure to clone arrays returned by the getConfigurations function could lead to multiple, unspecified vulnerabilities in the X11 and Win32GraphicsDevice subsystems. (Bug #6822057) - The TimeZone.getTimeZone method can be used by a remote attacker to determine the existence of local files via its handling of zoneinfo (aka tz) files. (Bug #6824265) - Java Web Start does not properly handle the interaction between a signed JAR file and a JNLP application or applet. (Bug #6870531)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 64831
    published 2013-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64831
    title Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ...) (Unix)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0043.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.3. This update has been rated as having low security impact by the Red Hat Security Response Team. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.3. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2009-0217, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877) Users of Red Hat Network Satellite Server 5.3 are advised to upgrade to these updated java-1.6.0-ibm packages, which resolve these issues. For this update to take effect, Red Hat Network Satellite Server must be restarted ('/usr/sbin/rhn-satellite restart'), as well as all running instances of IBM Java.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 44029
    published 2010-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44029
    title RHEL 4 / 5 : IBM Java Runtime in Satellite Server (RHSA-2010:0043)
oval via4
accepted 2014-01-20T04:01:36.105-05:00
class vulnerability
contributors
  • name J. Daniel Brown
    organization DTCC
  • name Chris Coffin
    organization The MITRE Corporation
definition_extensions
comment VMware ESX Server 4.0 is installed
oval oval:org.mitre.oval:def:6293
description The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.
family unix
id oval:org.mitre.oval:def:7562
status accepted
submitted 2010-06-01T17:30:00.000-05:00
title Sun Java Arbitrary Command Execution in JRE Deployment Toolkit
version 8
packetstorm via4
data source https://packetstormsecurity.com/files/download/84499/NETRAGARD-20091219.txt
id PACKETSTORM:84499
last seen 2016-12-05
published 2009-12-30
reporter Adriel T. Desautels
source https://packetstormsecurity.com/files/84499/Netragard-Security-Advisory-2009-12-19.html
title Netragard Security Advisory 2009-12-19
redhat via4
advisories
rhsa
id RHSA-2009:1694
refmap via4
apple
  • APPLE-SA-2009-12-03-1
  • APPLE-SA-2009-12-03-2
bid 36881
confirm
gentoo GLSA-200911-02
hp HPSBMU02799
sectrack 1023244
secunia
  • 37231
  • 37239
  • 37386
  • 37581
  • 37841
sunalert 269869
suse SUSE-SA:2009:058
vupen ADV-2009-3131
saint via4
  • bid 36881
    description Java Runtime Environment AWT setDiffICM buffer overflow
    id web_client_jre
    osvdb 59710
    title jre_awt_setdifficm
    type client
  • bid 36881
    description Java Runtime Environment HsbParser.getSoundBank Stack Buffer Overflow
    osvdb 59711
    title jre_hsbparser_getsoundbank
    type client
Last major update 22-08-2016 - 22:00
Published 05-11-2009 - 11:30
Last modified 30-10-2018 - 12:26
Back to Top