ID CVE-2009-3871
Summary Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
References
Vulnerable Configurations
  • cpe:2.3:a:sun:jdk:1.5.0:update_1
    cpe:2.3:a:sun:jdk:1.5.0:update_1
  • cpe:2.3:a:sun:jdk:1.5.0:update_10
    cpe:2.3:a:sun:jdk:1.5.0:update_10
  • cpe:2.3:a:sun:jdk:1.5.0:update_11
    cpe:2.3:a:sun:jdk:1.5.0:update_11
  • cpe:2.3:a:sun:jdk:1.5.0:update_12
    cpe:2.3:a:sun:jdk:1.5.0:update_12
  • cpe:2.3:a:sun:jdk:1.5.0:update_13
    cpe:2.3:a:sun:jdk:1.5.0:update_13
  • cpe:2.3:a:sun:jdk:1.5.0:update_14
    cpe:2.3:a:sun:jdk:1.5.0:update_14
  • cpe:2.3:a:sun:jdk:1.5.0:update_15
    cpe:2.3:a:sun:jdk:1.5.0:update_15
  • cpe:2.3:a:sun:jdk:1.5.0:update_16
    cpe:2.3:a:sun:jdk:1.5.0:update_16
  • cpe:2.3:a:sun:jdk:1.5.0:update_17
    cpe:2.3:a:sun:jdk:1.5.0:update_17
  • cpe:2.3:a:sun:jdk:1.5.0:update_18
    cpe:2.3:a:sun:jdk:1.5.0:update_18
  • cpe:2.3:a:sun:jdk:1.5.0:update_19
    cpe:2.3:a:sun:jdk:1.5.0:update_19
  • cpe:2.3:a:sun:jdk:1.5.0:update_2
    cpe:2.3:a:sun:jdk:1.5.0:update_2
  • cpe:2.3:a:sun:jdk:1.5.0:update_20
    cpe:2.3:a:sun:jdk:1.5.0:update_20
  • cpe:2.3:a:sun:jdk:1.5.0:update_21
    cpe:2.3:a:sun:jdk:1.5.0:update_21
  • cpe:2.3:a:sun:jdk:1.5.0:update_3
    cpe:2.3:a:sun:jdk:1.5.0:update_3
  • cpe:2.3:a:sun:jdk:1.5.0:update_4
    cpe:2.3:a:sun:jdk:1.5.0:update_4
  • cpe:2.3:a:sun:jdk:1.5.0:update_5
    cpe:2.3:a:sun:jdk:1.5.0:update_5
  • cpe:2.3:a:sun:jdk:1.5.0:update_6
    cpe:2.3:a:sun:jdk:1.5.0:update_6
  • cpe:2.3:a:sun:jdk:1.5.0:update_7
    cpe:2.3:a:sun:jdk:1.5.0:update_7
  • cpe:2.3:a:sun:jdk:1.5.0:update_8
    cpe:2.3:a:sun:jdk:1.5.0:update_8
  • cpe:2.3:a:sun:jdk:1.5.0:update_9
    cpe:2.3:a:sun:jdk:1.5.0:update_9
  • cpe:2.3:a:sun:jdk:1.6.0:update_1
    cpe:2.3:a:sun:jdk:1.6.0:update_1
  • Sun JDK 1.6.0 Update 10
    cpe:2.3:a:sun:jdk:1.6.0:update_10
  • Sun JDK 1.6.0 Update 11
    cpe:2.3:a:sun:jdk:1.6.0:update_11
  • Sun JDK 1.6.0 Update 12
    cpe:2.3:a:sun:jdk:1.6.0:update_12
  • Sun JDK 1.6.0 Update 13
    cpe:2.3:a:sun:jdk:1.6.0:update_13
  • Sun JDK 1.6.0 Update 14
    cpe:2.3:a:sun:jdk:1.6.0:update_14
  • Sun JDK 1.6.0 Update 15
    cpe:2.3:a:sun:jdk:1.6.0:update_15
  • Sun JDK 1.6.0 Update 16
    cpe:2.3:a:sun:jdk:1.6.0:update_16
  • Sun JDK 1.6.0 Update 3
    cpe:2.3:a:sun:jdk:1.6.0:update_3
  • Sun JDK 1.6.0 Update 4
    cpe:2.3:a:sun:jdk:1.6.0:update_4
  • Sun JDK 1.6.0 Update 5
    cpe:2.3:a:sun:jdk:1.6.0:update_5
  • Sun JDK 1.6.0 Update 6
    cpe:2.3:a:sun:jdk:1.6.0:update_6
  • Sun JDK 1.6.0 Update 7
    cpe:2.3:a:sun:jdk:1.6.0:update_7
  • cpe:2.3:a:sun:jdk:1.6.0:update_8
    cpe:2.3:a:sun:jdk:1.6.0:update_8
  • cpe:2.3:a:sun:jdk:1.6.0:update_9
    cpe:2.3:a:sun:jdk:1.6.0:update_9
  • cpe:2.3:a:sun:jre:1.5.0:update_1
    cpe:2.3:a:sun:jre:1.5.0:update_1
  • cpe:2.3:a:sun:jre:1.5.0:update_11
    cpe:2.3:a:sun:jre:1.5.0:update_11
  • cpe:2.3:a:sun:jre:1.5.0:update_12
    cpe:2.3:a:sun:jre:1.5.0:update_12
  • cpe:2.3:a:sun:jre:1.5.0:update_13
    cpe:2.3:a:sun:jre:1.5.0:update_13
  • cpe:2.3:a:sun:jre:1.5.0:update_14
    cpe:2.3:a:sun:jre:1.5.0:update_14
  • cpe:2.3:a:sun:jre:1.5.0:update_15
    cpe:2.3:a:sun:jre:1.5.0:update_15
  • cpe:2.3:a:sun:jre:1.5.0:update_16
    cpe:2.3:a:sun:jre:1.5.0:update_16
  • cpe:2.3:a:sun:jre:1.5.0:update_17
    cpe:2.3:a:sun:jre:1.5.0:update_17
  • cpe:2.3:a:sun:jre:1.5.0:update_18
    cpe:2.3:a:sun:jre:1.5.0:update_18
  • cpe:2.3:a:sun:jre:1.5.0:update_19
    cpe:2.3:a:sun:jre:1.5.0:update_19
  • cpe:2.3:a:sun:jre:1.5.0:update_2
    cpe:2.3:a:sun:jre:1.5.0:update_2
  • cpe:2.3:a:sun:jre:1.5.0:update_20
    cpe:2.3:a:sun:jre:1.5.0:update_20
  • cpe:2.3:a:sun:jre:1.5.0:update_21
    cpe:2.3:a:sun:jre:1.5.0:update_21
  • cpe:2.3:a:sun:jre:1.5.0:update_3
    cpe:2.3:a:sun:jre:1.5.0:update_3
  • cpe:2.3:a:sun:jre:1.5.0:update_4
    cpe:2.3:a:sun:jre:1.5.0:update_4
  • cpe:2.3:a:sun:jre:1.5.0:update_5
    cpe:2.3:a:sun:jre:1.5.0:update_5
  • cpe:2.3:a:sun:jre:1.5.0:update_6
    cpe:2.3:a:sun:jre:1.5.0:update_6
  • cpe:2.3:a:sun:jre:1.5.0:update_7
    cpe:2.3:a:sun:jre:1.5.0:update_7
  • cpe:2.3:a:sun:jre:1.5.0:update_8
    cpe:2.3:a:sun:jre:1.5.0:update_8
  • cpe:2.3:a:sun:jre:1.5.0:update_9
    cpe:2.3:a:sun:jre:1.5.0:update_9
  • Sun JRE 1.6.0 Update 1
    cpe:2.3:a:sun:jre:1.6.0:update_1
  • Sun JRE 1.6.0 Update 10
    cpe:2.3:a:sun:jre:1.6.0:update_10
  • Sun JRE 1.6.0 Update 11
    cpe:2.3:a:sun:jre:1.6.0:update_11
  • Sun JRE 1.6.0 Update 12
    cpe:2.3:a:sun:jre:1.6.0:update_12
  • Sun JRE 1.6.0 Update 13
    cpe:2.3:a:sun:jre:1.6.0:update_13
  • Sun JRE 1.6.0 Update 14
    cpe:2.3:a:sun:jre:1.6.0:update_14
  • Sun JRE 1.6.0 Update 15
    cpe:2.3:a:sun:jre:1.6.0:update_15
  • Sun JRE 1.6.0 Update 16
    cpe:2.3:a:sun:jre:1.6.0:update_16
  • Sun JRE 1.6.0 Update 2
    cpe:2.3:a:sun:jre:1.6.0:update_2
  • Sun JRE 1.6.0 Update 3
    cpe:2.3:a:sun:jre:1.6.0:update_3
  • Sun JRE 1.6.0 Update 4
    cpe:2.3:a:sun:jre:1.6.0:update_4
  • Sun JRE 1.6.0 Update 5
    cpe:2.3:a:sun:jre:1.6.0:update_5
  • Sun JRE 1.6.0 Update 6
    cpe:2.3:a:sun:jre:1.6.0:update_6
  • Sun JRE 1.6.0 Update 7
    cpe:2.3:a:sun:jre:1.6.0:update_7
  • cpe:2.3:a:sun:jre:1.6.0:update_8
    cpe:2.3:a:sun:jre:1.6.0:update_8
  • Sun JRE 1.6.0 Update 9
    cpe:2.3:a:sun:jre:1.6.0:update_9
  • Sun JRE 1.4.2_1
    cpe:2.3:a:sun:jre:1.4.2_1
  • Sun JRE 1.4.2_2
    cpe:2.3:a:sun:jre:1.4.2_2
  • Sun JRE 1.4.2_3
    cpe:2.3:a:sun:jre:1.4.2_3
  • Sun JRE 1.4.2_4
    cpe:2.3:a:sun:jre:1.4.2_4
  • Sun JRE 1.4.2_5
    cpe:2.3:a:sun:jre:1.4.2_5
  • Sun JRE 1.4.2_6
    cpe:2.3:a:sun:jre:1.4.2_6
  • Sun JRE 1.4.2_7
    cpe:2.3:a:sun:jre:1.4.2_7
  • Sun JRE 1.4.2_8
    cpe:2.3:a:sun:jre:1.4.2_8
  • Sun JRE 1.4.2_9
    cpe:2.3:a:sun:jre:1.4.2_9
  • Sun JRE 1.4.2_10
    cpe:2.3:a:sun:jre:1.4.2_10
  • Sun JRE 1.4.2_11
    cpe:2.3:a:sun:jre:1.4.2_11
  • Sun JRE 1.4.2_12
    cpe:2.3:a:sun:jre:1.4.2_12
  • Sun JRE 1.4.2_13
    cpe:2.3:a:sun:jre:1.4.2_13
  • Sun JRE 1.4.2_14
    cpe:2.3:a:sun:jre:1.4.2_14
  • Sun JRE 1.4.2_15
    cpe:2.3:a:sun:jre:1.4.2_15
  • Sun JRE 1.4.2_16
    cpe:2.3:a:sun:jre:1.4.2_16
  • Sun JRE 1.4.2_17
    cpe:2.3:a:sun:jre:1.4.2_17
  • Sun JRE 1.4.2_18
    cpe:2.3:a:sun:jre:1.4.2_18
  • Sun JRE 1.4.2_19
    cpe:2.3:a:sun:jre:1.4.2_19
  • Sun JRE 1.4.2_20
    cpe:2.3:a:sun:jre:1.4.2_20
  • Sun JRE 1.4.2_21
    cpe:2.3:a:sun:jre:1.4.2_21
  • Sun JRE 1.4.2_22
    cpe:2.3:a:sun:jre:1.4.2_22
  • Sun SDK 1.4.2_1
    cpe:2.3:a:sun:sdk:1.4.2_1
  • Sun SDK 1.4.2_2
    cpe:2.3:a:sun:sdk:1.4.2_2
  • Sun SDK 1.4.2_3
    cpe:2.3:a:sun:sdk:1.4.2_3
  • Sun SDK 1.4.2_4
    cpe:2.3:a:sun:sdk:1.4.2_4
  • Sun SDK 1.4.2_5
    cpe:2.3:a:sun:sdk:1.4.2_5
  • Sun SDK 1.4.2_6
    cpe:2.3:a:sun:sdk:1.4.2_6
  • Sun SDK 1.4.2_7
    cpe:2.3:a:sun:sdk:1.4.2_7
  • Sun SDK 1.4.2_8
    cpe:2.3:a:sun:sdk:1.4.2_8
  • Sun SDK 1.4.2_9
    cpe:2.3:a:sun:sdk:1.4.2_9
  • Sun SDK 1.4.2_10
    cpe:2.3:a:sun:sdk:1.4.2_10
  • Sun SDK 1.4.2_11
    cpe:2.3:a:sun:sdk:1.4.2_11
  • Sun SDK 1.4.2_12
    cpe:2.3:a:sun:sdk:1.4.2_12
  • Sun SDK 1.4.2_13
    cpe:2.3:a:sun:sdk:1.4.2_13
  • Sun SDK 1.4.2_14
    cpe:2.3:a:sun:sdk:1.4.2_14
  • Sun SDK 1.4.2_15
    cpe:2.3:a:sun:sdk:1.4.2_15
  • Sun SDK 1.4.2_16
    cpe:2.3:a:sun:sdk:1.4.2_16
  • Sun SDK1.4.2_17
    cpe:2.3:a:sun:sdk:1.4.2_17
  • Sun SDK1.4.2_18
    cpe:2.3:a:sun:sdk:1.4.2_18
  • Sun SDK 1.4.2_19
    cpe:2.3:a:sun:sdk:1.4.2_19
  • Sun SDK 1.4.2_20
    cpe:2.3:a:sun:sdk:1.4.2_20
  • Sun SDK 1.4.2_21
    cpe:2.3:a:sun:sdk:1.4.2_21
  • SDK 1.4.2_22
    cpe:2.3:a:sun:sdk:1.4.2_22
  • Sun Solaris
    cpe:2.3:o:sun:solaris
  • cpe:2.3:a:sun:jre:1.3.1_01
    cpe:2.3:a:sun:jre:1.3.1_01
  • cpe:2.3:a:sun:jre:1.3.1_01a
    cpe:2.3:a:sun:jre:1.3.1_01a
  • cpe:2.3:a:sun:jre:1.3.1_02
    cpe:2.3:a:sun:jre:1.3.1_02
  • Sun JRE 1.3.1_03
    cpe:2.3:a:sun:jre:1.3.1_03
  • Sun JRE 1.3.1_04
    cpe:2.3:a:sun:jre:1.3.1_04
  • Sun JRE 1.3.1_05
    cpe:2.3:a:sun:jre:1.3.1_05
  • Sun JRE 1.3.1_06
    cpe:2.3:a:sun:jre:1.3.1_06
  • Sun JRE 1.3.1_07
    cpe:2.3:a:sun:jre:1.3.1_07
  • Sun JRE 1.3.1_08
    cpe:2.3:a:sun:jre:1.3.1_08
  • Sun JRE 1.3.1_09
    cpe:2.3:a:sun:jre:1.3.1_09
  • Sun JRE 1.3.1_10
    cpe:2.3:a:sun:jre:1.3.1_10
  • Sun JRE 1.3.1_11
    cpe:2.3:a:sun:jre:1.3.1_11
  • Sun JRE 1.3.1_12
    cpe:2.3:a:sun:jre:1.3.1_12
  • Sun JRE 1.3.1_13
    cpe:2.3:a:sun:jre:1.3.1_13
  • Sun JRE 1.3.1_14
    cpe:2.3:a:sun:jre:1.3.1_14
  • Sun JRE 1.3.1_15
    cpe:2.3:a:sun:jre:1.3.1_15
  • Sun JRE 1.3.1_16
    cpe:2.3:a:sun:jre:1.3.1_16
  • Sun JRE 1.3.1_17
    cpe:2.3:a:sun:jre:1.3.1_17
  • Sun JRE 1.3.1_18
    cpe:2.3:a:sun:jre:1.3.1_18
  • Sun JRE 1.3.1_19
    cpe:2.3:a:sun:jre:1.3.1_19
  • Sun JRE 1.3.1_20
    cpe:2.3:a:sun:jre:1.3.1_20
  • Sun JRE 1.3.1_21
    cpe:2.3:a:sun:jre:1.3.1_21
  • Sun JRE 1.3.1_22
    cpe:2.3:a:sun:jre:1.3.1_22
  • Sun JRE 1.3.1_23
    cpe:2.3:a:sun:jre:1.3.1_23
  • Sun JRE 1.3.1_24
    cpe:2.3:a:sun:jre:1.3.1_24
  • Sun JRE 1.3.1_25
    cpe:2.3:a:sun:jre:1.3.1_25
  • Sun SDK 1.3.1_01
    cpe:2.3:a:sun:sdk:1.3.1_01
  • Sun SDK 1.3.1_01a
    cpe:2.3:a:sun:sdk:1.3.1_01a
  • Sun SDK 1.3.1_02
    cpe:2.3:a:sun:sdk:1.3.1_02
  • Sun SDK 1.3.1_03
    cpe:2.3:a:sun:sdk:1.3.1_03
  • Sun SDK 1.3.1_04
    cpe:2.3:a:sun:sdk:1.3.1_04
  • Sun SDK 1.3.1_05
    cpe:2.3:a:sun:sdk:1.3.1_05
  • Sun SDK 1.3.1_06
    cpe:2.3:a:sun:sdk:1.3.1_06
  • cpe:2.3:a:sun:sdk:1.3.1_7
    cpe:2.3:a:sun:sdk:1.3.1_7
  • cpe:2.3:a:sun:sdk:1.3.1_8
    cpe:2.3:a:sun:sdk:1.3.1_8
  • cpe:2.3:a:sun:sdk:1.3.1_9
    cpe:2.3:a:sun:sdk:1.3.1_9
  • Sun SDK 1.3.1_10
    cpe:2.3:a:sun:sdk:1.3.1_10
  • Sun SDK 1.3.1_11
    cpe:2.3:a:sun:sdk:1.3.1_11
  • Sun SDK 1.3.1_12
    cpe:2.3:a:sun:sdk:1.3.1_12
  • Sun SDK 1.3.1_13
    cpe:2.3:a:sun:sdk:1.3.1_13
  • Sun SDK 1.3.1_14
    cpe:2.3:a:sun:sdk:1.3.1_14
  • Sun SDK 1.3.1_15
    cpe:2.3:a:sun:sdk:1.3.1_15
  • Sun SDK 1.3.1_16
    cpe:2.3:a:sun:sdk:1.3.1_16
  • Sun SDK 1.3.1_17
    cpe:2.3:a:sun:sdk:1.3.1_17
  • Sun SDK 1.3.1_18
    cpe:2.3:a:sun:sdk:1.3.1_18
  • Sun SDK 1.3.1_19
    cpe:2.3:a:sun:sdk:1.3.1_19
  • Sun SDK 1.3.1_20
    cpe:2.3:a:sun:sdk:1.3.1_20
  • Sun SDK 1.3.1_21
    cpe:2.3:a:sun:sdk:1.3.1_21
  • Sun SDK 1.3.1_22
    cpe:2.3:a:sun:sdk:1.3.1_22
  • Sun SDK 1.3.1_23
    cpe:2.3:a:sun:sdk:1.3.1_23
  • Sun SDK 1.3.1_24
    cpe:2.3:a:sun:sdk:1.3.1_24
  • Sun SDK 1.3.1_25
    cpe:2.3:a:sun:sdk:1.3.1_25
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • cpe:2.3:a:sun:java_se:-:business
    cpe:2.3:a:sun:java_se:-:business
  • cpe:2.3:a:sun:jdk:1.5.0:update_1
    cpe:2.3:a:sun:jdk:1.5.0:update_1
  • cpe:2.3:a:sun:jdk:1.5.0:update_10
    cpe:2.3:a:sun:jdk:1.5.0:update_10
  • cpe:2.3:a:sun:jdk:1.5.0:update_11
    cpe:2.3:a:sun:jdk:1.5.0:update_11
  • cpe:2.3:a:sun:jdk:1.5.0:update_12
    cpe:2.3:a:sun:jdk:1.5.0:update_12
  • cpe:2.3:a:sun:jdk:1.5.0:update_13
    cpe:2.3:a:sun:jdk:1.5.0:update_13
  • cpe:2.3:a:sun:jdk:1.5.0:update_14
    cpe:2.3:a:sun:jdk:1.5.0:update_14
  • cpe:2.3:a:sun:jdk:1.5.0:update_15
    cpe:2.3:a:sun:jdk:1.5.0:update_15
  • cpe:2.3:a:sun:jdk:1.5.0:update_16
    cpe:2.3:a:sun:jdk:1.5.0:update_16
  • cpe:2.3:a:sun:jdk:1.5.0:update_17
    cpe:2.3:a:sun:jdk:1.5.0:update_17
  • cpe:2.3:a:sun:jdk:1.5.0:update_18
    cpe:2.3:a:sun:jdk:1.5.0:update_18
  • cpe:2.3:a:sun:jdk:1.5.0:update_19
    cpe:2.3:a:sun:jdk:1.5.0:update_19
  • cpe:2.3:a:sun:jdk:1.5.0:update_2
    cpe:2.3:a:sun:jdk:1.5.0:update_2
  • cpe:2.3:a:sun:jdk:1.5.0:update_20
    cpe:2.3:a:sun:jdk:1.5.0:update_20
  • cpe:2.3:a:sun:jdk:1.5.0:update_21
    cpe:2.3:a:sun:jdk:1.5.0:update_21
  • cpe:2.3:a:sun:jdk:1.5.0:update_3
    cpe:2.3:a:sun:jdk:1.5.0:update_3
  • cpe:2.3:a:sun:jdk:1.5.0:update_4
    cpe:2.3:a:sun:jdk:1.5.0:update_4
  • cpe:2.3:a:sun:jdk:1.5.0:update_5
    cpe:2.3:a:sun:jdk:1.5.0:update_5
  • cpe:2.3:a:sun:jdk:1.5.0:update_6
    cpe:2.3:a:sun:jdk:1.5.0:update_6
  • cpe:2.3:a:sun:jdk:1.5.0:update_7
    cpe:2.3:a:sun:jdk:1.5.0:update_7
  • cpe:2.3:a:sun:jdk:1.5.0:update_8
    cpe:2.3:a:sun:jdk:1.5.0:update_8
  • cpe:2.3:a:sun:jdk:1.5.0:update_9
    cpe:2.3:a:sun:jdk:1.5.0:update_9
  • Sun JDK 6 Update 2
    cpe:2.3:a:sun:jdk:1.6.0:update2
  • cpe:2.3:a:sun:jdk:1.6.0:update_1
    cpe:2.3:a:sun:jdk:1.6.0:update_1
  • Sun JDK 1.6.0 Update 10
    cpe:2.3:a:sun:jdk:1.6.0:update_10
  • Sun JDK 1.6.0 Update 11
    cpe:2.3:a:sun:jdk:1.6.0:update_11
  • Sun JDK 1.6.0 Update 12
    cpe:2.3:a:sun:jdk:1.6.0:update_12
  • Sun JDK 1.6.0 Update 13
    cpe:2.3:a:sun:jdk:1.6.0:update_13
  • Sun JDK 1.6.0 Update 14
    cpe:2.3:a:sun:jdk:1.6.0:update_14
  • Sun JDK 1.6.0 Update 15
    cpe:2.3:a:sun:jdk:1.6.0:update_15
  • Sun JDK 1.6.0 Update 16
    cpe:2.3:a:sun:jdk:1.6.0:update_16
  • Sun JDK 1.6.0 Update 3
    cpe:2.3:a:sun:jdk:1.6.0:update_3
  • Sun JDK 1.6.0 Update 4
    cpe:2.3:a:sun:jdk:1.6.0:update_4
  • Sun JDK 1.6.0 Update 5
    cpe:2.3:a:sun:jdk:1.6.0:update_5
  • Sun JDK 1.6.0 Update 6
    cpe:2.3:a:sun:jdk:1.6.0:update_6
  • Sun JDK 1.6.0 Update 7
    cpe:2.3:a:sun:jdk:1.6.0:update_7
  • cpe:2.3:a:sun:jdk:1.6.0:update_8
    cpe:2.3:a:sun:jdk:1.6.0:update_8
  • cpe:2.3:a:sun:jdk:1.6.0:update_9
    cpe:2.3:a:sun:jdk:1.6.0:update_9
  • Sun JRE 1.4.2_1
    cpe:2.3:a:sun:jre:1.4.2_1
  • Sun JRE 1.4.2_2
    cpe:2.3:a:sun:jre:1.4.2_2
  • Sun JRE 1.4.2_3
    cpe:2.3:a:sun:jre:1.4.2_3
  • Sun JRE 1.4.2_4
    cpe:2.3:a:sun:jre:1.4.2_4
  • Sun JRE 1.4.2_5
    cpe:2.3:a:sun:jre:1.4.2_5
  • Sun JRE 1.4.2_6
    cpe:2.3:a:sun:jre:1.4.2_6
  • Sun JRE 1.4.2_7
    cpe:2.3:a:sun:jre:1.4.2_7
  • Sun JRE 1.4.2_8
    cpe:2.3:a:sun:jre:1.4.2_8
  • Sun JRE 1.4.2_9
    cpe:2.3:a:sun:jre:1.4.2_9
  • Sun JRE 1.4.2_10
    cpe:2.3:a:sun:jre:1.4.2_10
  • Sun JRE 1.4.2_11
    cpe:2.3:a:sun:jre:1.4.2_11
  • Sun JRE 1.4.2_12
    cpe:2.3:a:sun:jre:1.4.2_12
  • Sun JRE 1.4.2_13
    cpe:2.3:a:sun:jre:1.4.2_13
  • Sun JRE 1.4.2_14
    cpe:2.3:a:sun:jre:1.4.2_14
  • Sun JRE 1.4.2_15
    cpe:2.3:a:sun:jre:1.4.2_15
  • Sun JRE 1.4.2_16
    cpe:2.3:a:sun:jre:1.4.2_16
  • Sun JRE 1.4.2_17
    cpe:2.3:a:sun:jre:1.4.2_17
  • Sun JRE 1.4.2_18
    cpe:2.3:a:sun:jre:1.4.2_18
  • Sun JRE 1.4.2_19
    cpe:2.3:a:sun:jre:1.4.2_19
  • Sun JRE 1.4.2_20
    cpe:2.3:a:sun:jre:1.4.2_20
  • Sun JRE 1.4.2_21
    cpe:2.3:a:sun:jre:1.4.2_21
  • Sun JRE 1.4.2_22
    cpe:2.3:a:sun:jre:1.4.2_22
  • cpe:2.3:a:sun:jre:1.5.0:update_1
    cpe:2.3:a:sun:jre:1.5.0:update_1
  • cpe:2.3:a:sun:jre:1.5.0:update_11
    cpe:2.3:a:sun:jre:1.5.0:update_11
  • cpe:2.3:a:sun:jre:1.5.0:update_12
    cpe:2.3:a:sun:jre:1.5.0:update_12
  • cpe:2.3:a:sun:jre:1.5.0:update_13
    cpe:2.3:a:sun:jre:1.5.0:update_13
  • cpe:2.3:a:sun:jre:1.5.0:update_14
    cpe:2.3:a:sun:jre:1.5.0:update_14
  • cpe:2.3:a:sun:jre:1.5.0:update_15
    cpe:2.3:a:sun:jre:1.5.0:update_15
  • cpe:2.3:a:sun:jre:1.5.0:update_16
    cpe:2.3:a:sun:jre:1.5.0:update_16
  • cpe:2.3:a:sun:jre:1.5.0:update_17
    cpe:2.3:a:sun:jre:1.5.0:update_17
  • cpe:2.3:a:sun:jre:1.5.0:update_18
    cpe:2.3:a:sun:jre:1.5.0:update_18
  • cpe:2.3:a:sun:jre:1.5.0:update_19
    cpe:2.3:a:sun:jre:1.5.0:update_19
  • cpe:2.3:a:sun:jre:1.5.0:update_2
    cpe:2.3:a:sun:jre:1.5.0:update_2
  • cpe:2.3:a:sun:jre:1.5.0:update_20
    cpe:2.3:a:sun:jre:1.5.0:update_20
  • cpe:2.3:a:sun:jre:1.5.0:update_21
    cpe:2.3:a:sun:jre:1.5.0:update_21
  • cpe:2.3:a:sun:jre:1.5.0:update_3
    cpe:2.3:a:sun:jre:1.5.0:update_3
  • cpe:2.3:a:sun:jre:1.5.0:update_4
    cpe:2.3:a:sun:jre:1.5.0:update_4
  • cpe:2.3:a:sun:jre:1.5.0:update_5
    cpe:2.3:a:sun:jre:1.5.0:update_5
  • cpe:2.3:a:sun:jre:1.5.0:update_6
    cpe:2.3:a:sun:jre:1.5.0:update_6
  • cpe:2.3:a:sun:jre:1.5.0:update_7
    cpe:2.3:a:sun:jre:1.5.0:update_7
  • cpe:2.3:a:sun:jre:1.5.0:update_8
    cpe:2.3:a:sun:jre:1.5.0:update_8
  • cpe:2.3:a:sun:jre:1.5.0:update_9
    cpe:2.3:a:sun:jre:1.5.0:update_9
  • Sun JRE 1.6.0 Update 1
    cpe:2.3:a:sun:jre:1.6.0:update_1
  • Sun JRE 1.6.0 Update 10
    cpe:2.3:a:sun:jre:1.6.0:update_10
  • Sun JRE 1.6.0 Update 11
    cpe:2.3:a:sun:jre:1.6.0:update_11
  • Sun JRE 1.6.0 Update 12
    cpe:2.3:a:sun:jre:1.6.0:update_12
  • Sun JRE 1.6.0 Update 13
    cpe:2.3:a:sun:jre:1.6.0:update_13
  • Sun JRE 1.6.0 Update 14
    cpe:2.3:a:sun:jre:1.6.0:update_14
  • Sun JRE 1.6.0 Update 15
    cpe:2.3:a:sun:jre:1.6.0:update_15
  • Sun JRE 1.6.0 Update 16
    cpe:2.3:a:sun:jre:1.6.0:update_16
  • Sun JRE 1.6.0 Update 2
    cpe:2.3:a:sun:jre:1.6.0:update_2
  • Sun JRE 1.6.0 Update 3
    cpe:2.3:a:sun:jre:1.6.0:update_3
  • Sun JRE 1.6.0 Update 4
    cpe:2.3:a:sun:jre:1.6.0:update_4
  • Sun JRE 1.6.0 Update 5
    cpe:2.3:a:sun:jre:1.6.0:update_5
  • Sun JRE 1.6.0 Update 6
    cpe:2.3:a:sun:jre:1.6.0:update_6
  • Sun JRE 1.6.0 Update 7
    cpe:2.3:a:sun:jre:1.6.0:update_7
  • cpe:2.3:a:sun:jre:1.6.0:update_8
    cpe:2.3:a:sun:jre:1.6.0:update_8
  • Sun JRE 1.6.0 Update 9
    cpe:2.3:a:sun:jre:1.6.0:update_9
  • Sun SDK 1.4.2_1
    cpe:2.3:a:sun:sdk:1.4.2_1
  • Sun SDK 1.4.2_2
    cpe:2.3:a:sun:sdk:1.4.2_2
  • Sun SDK 1.4.2_3
    cpe:2.3:a:sun:sdk:1.4.2_3
  • Sun SDK 1.4.2_4
    cpe:2.3:a:sun:sdk:1.4.2_4
  • Sun SDK 1.4.2_5
    cpe:2.3:a:sun:sdk:1.4.2_5
  • Sun SDK 1.4.2_6
    cpe:2.3:a:sun:sdk:1.4.2_6
  • Sun SDK 1.4.2_7
    cpe:2.3:a:sun:sdk:1.4.2_7
  • Sun SDK 1.4.2_8
    cpe:2.3:a:sun:sdk:1.4.2_8
  • Sun SDK 1.4.2_9
    cpe:2.3:a:sun:sdk:1.4.2_9
  • Sun SDK 1.4.2_10
    cpe:2.3:a:sun:sdk:1.4.2_10
  • Sun SDK 1.4.2_11
    cpe:2.3:a:sun:sdk:1.4.2_11
  • Sun SDK 1.4.2_12
    cpe:2.3:a:sun:sdk:1.4.2_12
  • Sun SDK 1.4.2_13
    cpe:2.3:a:sun:sdk:1.4.2_13
  • Sun SDK 1.4.2_14
    cpe:2.3:a:sun:sdk:1.4.2_14
  • Sun SDK 1.4.2_15
    cpe:2.3:a:sun:sdk:1.4.2_15
  • Sun SDK 1.4.2_16
    cpe:2.3:a:sun:sdk:1.4.2_16
  • Sun SDK1.4.2_17
    cpe:2.3:a:sun:sdk:1.4.2_17
  • Sun SDK1.4.2_18
    cpe:2.3:a:sun:sdk:1.4.2_18
  • Sun SDK 1.4.2_19
    cpe:2.3:a:sun:sdk:1.4.2_19
  • Sun SDK 1.4.2_20
    cpe:2.3:a:sun:sdk:1.4.2_20
  • Sun SDK 1.4.2_21
    cpe:2.3:a:sun:sdk:1.4.2_21
  • SDK 1.4.2_22
    cpe:2.3:a:sun:sdk:1.4.2_22
CVSS
Base: 9.3 (as of 05-11-2009 - 15:00)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
metasploit via4
  • description This module exploits a flaw in the setDiffICM function in the Sun JVM. The payload is serialized and passed to the applet via PARAM tags. It must be a native payload. The effected Java versions are JDK and JRE 6 Update 16 and earlier, JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and earlier, and SDK and JRE 1.3.1_26 and earlier. NOTE: Although all of the above versions are reportedly vulnerable, only 1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.
    id MSF:EXPLOIT/MULTI/BROWSER/JAVA_SETDIFFICM_BOF
    last seen 2019-03-30
    modified 2017-07-24
    published 2009-12-17
    reliability Great
    reporter Rapid7
    source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/java_setdifficm_bof.rb
    title Sun Java JRE AWT setDiffICM Buffer Overflow
  • description This module exploits a flaw in the getSoundbank function in the Sun JVM. The payload is serialized and passed to the applet via PARAM tags. It must be a native payload. The effected Java versions are JDK and JRE 6 Update 16 and earlier, JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and earlier, and SDK and JRE 1.3.1_26 and earlier. NOTE: Although all of the above versions are reportedly vulnerable, only 1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.
    id MSF:EXPLOIT/MULTI/BROWSER/JAVA_GETSOUNDBANK_BOF
    last seen 2019-02-12
    modified 2017-07-24
    published 2009-12-11
    reliability Great
    reporter Rapid7
    source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/java_getsoundbank_bof.rb
    title Sun Java JRE getSoundbank file:// URI Buffer Overflow
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-084.NASL
    description Multiple Java OpenJDK security vulnerabilities has been identified and fixed : - TLS: MITM attacks via session renegotiation (CVE-2009-3555). - Loader-constraint table allows arrays instead of only the b ase-classes (CVE-2010-0082). - Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084). - File TOCTOU deserialization vulnerability (CVE-2010-0085). - Inflater/Deflater clone issues (CVE-2010-0088). - Unsigned applet can retrieve the dragged information before drop action occurs (CVE-2010-0091). - AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (CVE-2010-0092). - System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (CVE-2010-0093). - Deserialization of RMIConnectionImpl objects should enforce stricter checks (CVE-2010-0094). - Subclasses of InetAddress may incorrectly interpret network addresses (CVE-2010-0095). - JAR unpack200 must verify input parameters (CVE-2010-0837). - CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838). - Applet Trusted Methods Chaining Privilege Escalation Vulnerability (CVE-2010-0840). - No ClassCastException for HashAttributeSet constructors if run with -Xcomp (CVE-2010-0845) - ImagingLib arbitrary code execution vulnerability (CVE-2010-0847). - AWT Library Invalid Index Vulnerability (CVE-2010-0848). Additional security issues that was fixed with IcedTea6 1.6.2 : - deprecate MD2 in SSL cert validation (CVE-2009-2409). - ICC_Profile file existence detection information leak (CVE-2009-3728). - JRE AWT setDifflCM stack overflow (CVE-2009-3869). - JRE AWT setBytePixels heap overflow (CVE-2009-3871). - JPEG Image Writer quantization problem (CVE-2009-3873). - ImageI/O JPEG heap overflow (CVE-2009-3874). - MessageDigest.isEqual introduces timing attack vulnerabilities (CVE-2009-3875). - OpenJDK ASN.1/DER input stream parser denial of service (CVE-2009-3876, CVE-2009-3877) - GraphicsConfiguration information leak (CVE-2009-3879). - UI logging information leakage (CVE-2009-3880). - resurrected classloaders can still have children (CVE-2009-3881). - Numerous static security flaws in Swing (findbugs) (CVE-2009-3882). - Mutable statics in Windows PL&F (findbugs) (CVE-2009-3883). - zoneinfo file existence information leak (CVE-2009-3884). - BMP parsing DoS with UNC ICC links (CVE-2009-3885). Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found and fixed a bug in IcedTea6 1.8 that is also applied to the provided packages : - plugin/icedteanp/IcedTeaNPPlugin.cc (plugin_filter_environment): Increment malloc size by one to account for NULL terminator. Bug# 474. Packages for 2009.0 are provided due to the Extended Maintenance Program.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 46176
    published 2010-04-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46176
    title Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2010:084)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200911-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-200911-02 (Sun JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. Impact : A remote attacker could entice a user to open a specially crafted JAR archive, applet, or Java Web Start application, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Furthermore, a remote attacker could cause a Denial of Service affecting multiple services via several vectors, disclose information and memory contents, write or execute local files, conduct session hijacking attacks via GIFAR files, steal cookies, bypass the same-origin policy, load untrusted JAR files, establish network connections to arbitrary hosts and posts via several vectors, modify the list of supported graphics configurations, bypass HMAC-based authentication systems, escalate privileges via several vectors and cause applet code to be executed with older, possibly vulnerable versions of the JRE. NOTE: Some vulnerabilities require a trusted environment, user interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 42834
    published 2009-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42834
    title GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1694.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM 'Security alerts' page listed in the References section. (CVE-2009-0217, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR7 Java release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 43597
    published 2009-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43597
    title RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:1694)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_4_2-IBM-6755.NASL
    description IBM Java 1.4.2 was updated to 13 fp3. The following security issues were fixed: CVE-2009-3867: A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871) - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 49861
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49861
    title SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 6755)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_JAVA_10_6_UPDATE1.NASL
    description The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 1. The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 43003
    published 2009-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43003
    title Mac OS X : Java for Mac OS X 10.6 Update 1
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12565.NASL
    description IBM Java 1.4.2 was updated to 13 fp3. The following security issues were fixed : - A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3867) - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871) - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 43854
    published 2010-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43854
    title SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12565)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20091109_JAVA__JDK_1_6_0__ON_SL4_X.NASL
    description CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky) CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968) CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503) CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877 CVE-2009-3869 OpenJDK JRE AWT setDifflCM stack overflow (6872357) CVE-2009-3871 OpenJDK JRE AWT setBytePixels heap overflow (6872358) CVE-2009-3874 OpenJDK ImageI/O JPEG heap overflow (6874643) CVE-2009-3728 OpenJDK ICC_Profile file existence detection information leak (6631533) CVE-2009-3881 OpenJDK resurrected classloaders can still have children (6636650) CVE-2009-3882 CVE-2009-3883 OpenJDK information leaks in mutable variables (6657026,6657138) CVE-2009-3880 OpenJDK UI logging information leakage(6664512) CVE-2009-3879 OpenJDK GraphicsConfiguration information leak(6822057) CVE-2009-3884 OpenJDK zoneinfo file existence information leak (6824265) CVE-2009-3729 JRE TrueType font parsing crash (6815780) CVE-2009-3872 JRE JPEG JFIF Decoder issue (6862969) CVE-2009-3886 JRE REGRESSION:have problem to run JNLP app and applets with signed Jar files (6870531) CVE-2009-3865 java-1.6.0-sun: ACE in JRE Deployment Toolkit (6869752) CVE-2009-3866 java-1.6.0-sun: Privilege escalation in the Java Web Start Installer (6872824) CVE-2009-3867 java-1.5.0-sun, java-1.6.0-sun: Stack-based buffer overflow via a long file: URL argument (6854303) CVE-2009-3868 java-1.5.0-sun, java-1.6.0-sun: Privilege escalation via crafted image file due improper color profiles parsing (6862970) This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the 'Advance notification of Security Updates for Java SE' page from Sun Microsystems, listed in the References section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3729, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886) All running instances of Sun Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60691
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60691
    title Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-11486.NASL
    description Add latest security patches Bug numbers:510197, 530053, 530057, 530061, 530062, 530063, 530067, 530098, 530173, 530175, 530296, 530297, 530300 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 42802
    published 2009-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42802
    title Fedora 11 : java-1.6.0-openjdk-1.6.0.0-30.b16.fc11 (2009-11486)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_4_2-IBM-6757.NASL
    description IBM Java 1.4.2 was updated to 13 fp3. The following security issues were fixed: CVE-2009-3867: A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871) - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 43859
    published 2010-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43859
    title SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 6757)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0002.NASL
    description a. Java JRE Security Update JRE update to version 1.5.0_22, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_22: CVE-2009-3728, CVE-2009-3729, CVE-2009-3864, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886, CVE-2009-3885.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 45386
    published 2010-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45386
    title VMSA-2010-0002 : VMware vCenter update release addresses multiple security issues in Java JRE
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_JAVA-1_6_0-SUN-091113.NASL
    description The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues : CVE-2009-3866:The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that poi nts to an unintended trusted application, aka Bug Id 6872824. CVE-2009-3867: Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. CVE-2009-3869: Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_ 24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357. CVE-2009-3871: Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4. 2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. CVE-2009-3874: Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensi ons in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. CVE-2009-3875: The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital si gnatures, and possibly bypass authentication, via unspecified vectors related to 'timing attack vulnerabilities,' aka Bug Id 6863503. CVE-2009-3876: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1 _27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911. CVE-2009-3877: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1 _27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP header s, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. CVE-2009-3864: The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to lev erage vulnerabilities in older releases of this software, aka Bug Id 6869694. CVE-2009-3865: The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752. CVE-2009-3868: Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x be fore 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. CVE-2009-3872: Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK a nd JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969. CVE-2009-3873: The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2 _24 allows remote attackers to gain privileges via a crafted image file, related to a 'quanization problem,' aka Bug Id 6862968.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42853
    published 2009-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42853
    title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_5_0-IBM-6741.NASL
    description IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs and security issues. The timezone update to 1.6.9s (with the latest Fiji change). - A vulnerability in the Java Runtime Environment with decoding DER encoded data might allow a remote client to cause the JRE to crash, resulting in a denial of service condition. (CVE-2009-3876 / CVE-2009-3877) - A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3867) - A buffer overflow vulnerability in the Java Runtime Environment with parsing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3868) - An integer overflow vulnerability in the Java Runtime Environment with reading JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3872) - A buffer overflow vulnerability in the Java Runtime Environment with processing JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3873) - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871) - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874) - The Java Runtime Environment includes the Java Web Start technology that uses the Java Web Start ActiveX control to launch Java Web Start in Internet Explorer. A security vulnerability in the Active Template Library (ATL) in various releases of Microsoft Visual Studio, which is used by the Java Web Start ActiveX control, might allow the Java Web Start ActiveX control to be leveraged to run arbitrary code. This might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-2493) Please also see http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 49863
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49863
    title SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 6741)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_JAVA-1_6_0-SUN-091113.NASL
    description The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues : CVE-2009-3866:The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that poi nts to an unintended trusted application, aka Bug Id 6872824. CVE-2009-3867: Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. CVE-2009-3869: Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_ 24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357. CVE-2009-3871: Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4. 2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. CVE-2009-3874: Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensi ons in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. CVE-2009-3875: The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital si gnatures, and possibly bypass authentication, via unspecified vectors related to 'timing attack vulnerabilities,' aka Bug Id 6863503. CVE-2009-3876: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1 _27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911. CVE-2009-3877: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1 _27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP header s, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. CVE-2009-3864: The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to lev erage vulnerabilities in older releases of this software, aka Bug Id 6869694. CVE-2009-3865: The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752. CVE-2009-3868: Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x be fore 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. CVE-2009-3872: Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK a nd JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969. CVE-2009-3873: The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2 _24 allows remote attackers to gain privileges via a crafted image file, related to a 'quanization problem,' aka Bug Id 6862968.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42851
    published 2009-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42851
    title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0002_REMOTE.NASL
    description The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the bundled version of the Java Runtime Environment (JRE).
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89736
    published 2016-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89736
    title VMware ESX Java Runtime Environment (JRE) Multiple Vulnerabilities (VMSA-2010-0002) (remote check)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1560.NASL
    description Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the 'Advance notification of Security Updates for Java SE' page from Sun Microsystems, listed in the References section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3729, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886) Users of java-1.6.0-sun should upgrade to these updated packages, which correct these issues. All running instances of Sun Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 42431
    published 2009-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42431
    title RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:1560)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1584.NASL
    description Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. An integer overflow flaw and buffer overflow flaws were found in the way the JRE processed image files. An untrusted applet or application could use these flaws to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874) An information leak was found in the JRE. An untrusted applet or application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-3881) It was discovered that the JRE still accepts certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by the JRE. With this update, the JRE disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) A timing attack flaw was found in the way the JRE processed HMAC digests. This flaw could aid an attacker using forged digital signatures to bypass authentication checks. (CVE-2009-3875) Two denial of service flaws were found in the JRE. These could be exploited in server-side application scenarios that process DER-encoded (Distinguished Encoding Rules) data. (CVE-2009-3876, CVE-2009-3877) An information leak was found in the way the JRE handled color profiles. An attacker could use this flaw to discover the existence of files outside of the color profiles directory. (CVE-2009-3728) A flaw in the JRE with passing arrays to the X11GraphicsDevice API was found. An untrusted applet or application could use this flaw to access and modify the list of supported graphics configurations. This flaw could also lead to sensitive information being leaked to unprivileged code. (CVE-2009-3879) It was discovered that the JRE passed entire objects to the logging API. This could lead to sensitive information being leaked to either untrusted or lower-privileged code from an attacker-controlled applet which has access to the logging API and is therefore able to manipulate (read and/or call) the passed objects. (CVE-2009-3880) Potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-3882, CVE-2009-3883) An information leak was found in the way the TimeZone.getTimeZone method was handled. This method could load time zone files that are outside of the [JRE_HOME]/lib/zi/ directory, allowing a remote attacker to probe the local file system. (CVE-2009-3884) Note: The flaws concerning applets in this advisory, CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881 and CVE-2009-3884, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 42828
    published 2009-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42828
    title RHEL 5 : java-1.6.0-openjdk (RHSA-2009:1584)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-859-1.NASL
    description Dan Kaminsky discovered that SSL certificates signed with MD2 could be spoofed given enough time. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation in OpenJDK. (CVE-2009-2409) It was discovered that ICC profiles could be identified with '..' pathnames. If a user were tricked into running a specially crafted applet, a remote attacker could gain information about a local system. (CVE-2009-3728) Peter Vreugdenhil discovered multiple flaws in the processing of graphics in the AWT library. If a user were tricked into running a specially crafted applet, a remote attacker could crash the application or run arbitrary code with user privileges. (CVE-2009-3869, CVE-2009-3871) Multiple flaws were discovered in JPEG and BMP image handling. If a user were tricked into loading a specially crafted image, a remote attacker could crash the application or run arbitrary code with user privileges. (CVE-2009-3873, CVE-2009-3874, CVE-2009-3885) Coda Hale discovered that HMAC-based signatures were not correctly validated. Remote attackers could bypass certain forms of authentication, granting unexpected access. (CVE-2009-3875) Multiple flaws were discovered in ASN.1 parsing. A remote attacker could send a specially crafted HTTP stream that would exhaust system memory and lead to a denial of service. (CVE-2009-3876, CVE-2009-3877) It was discovered that the graphics configuration subsystem did not correctly handle arrays. If a user were tricked into running a specially crafted applet, a remote attacker could exploit this to crash the application or execute arbitrary code with user privileges. (CVE-2009-3879) It was discovered that loggers and Swing did not correctly handle certain sensitive objects. If a user were tricked into running a specially crafted applet, private information could be leaked to a remote attacker, leading to a loss of privacy. (CVE-2009-3880, CVE-2009-3882, CVE-2009-3883) It was discovered that the ClassLoader did not correctly handle certain options. If a user were tricked into running a specially crafted applet, a remote attacker could execute arbitrary code with user privileges. (CVE-2009-3881) It was discovered that time zone file loading could be used to determine the existence of files on the local system. If a user were tricked into running a specially crafted applet, private information could be leaked to a remote attacker, leading to a loss of privacy. (CVE-2009-3884). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 42817
    published 2009-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42817
    title Ubuntu 8.10 / 9.04 / 9.10 : openjdk-6 vulnerabilities (USN-859-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_JAVA-1_6_0-OPENJDK-091125.NASL
    description New icedtea update to fix : - ICC_Profile file existence detection information leak; CVE-2009-3728: CVSS v2 Base Score: 5.0 - BMP parsing DoS with UNC ICC links; CVE-2009-3885: CVSS v2 Base Score: 5.0 - resurrected classloaders can still have children; CVE-2009-3881: CVSS v2 Base Score: 7.5 - Numerous static security flaws in Swing; CVE-2009-3882: CVSS v2 Base Score: 7.5 - Mutable statics in Windows PL&F; CVE-2009-3883: CVSS v2 Base Score: 7.5 - UI logging information leakage; CVE-2009-3880: CVSS v2 Base Score: 5.0 - GraphicsConfiguration information leak; CVE-2009-3879: CVSS v2 Base Score: 7.5 - zoneinfo file existence information leak; CVE-2009-3884: CVSS v2 Base Score: 5.0 - deprecate MD2 in SSL cert validation; CVE-2009-2409: CVSS v2 Base Score: 6.4 - JPEG Image Writer quantization problem; CVE-2009-3873: CVSS v2 Base Score: 9.3 - MessageDigest.isEqual introduces timing attack vulnerabilities; CVE-2009-3875: CVSS v2 Base Score: 5.0 - OpenJDK ASN.1/DER input stream parser denial of service; CVE-2009-3876,CVE-2009-3877: CVSS v2 Base Score: 5.0 - JRE AWT setDifflCM stack overflow; CVE-2009-3869: CVSS v2 Base Score: 9.3 - ImageI/O JPEG heap overflow; CVE-2009-3874: CVSS v2 Base Score: 9.3 - JRE AWT setBytePixels heap overflow; CVE-2009-3871: CVSS v2 Base Score: 9.3
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42923
    published 2009-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42923
    title openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_6_0-SUN-091113.NASL
    description The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues : - The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that poi nts to an unintended trusted application, aka Bug Id 6872824. (CVE-2009-3866) - Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. (CVE-2009-3867) - Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_ 24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357. (CVE-2009-3869) - Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4. 2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. (CVE-2009-3871) - Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensi ons in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. (CVE-2009-3874) - The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 befor e Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital si gnatures, and possibly bypass authentication, via unspecified vectors related to 'timing attack vulnerabilities,' aka Bug Id 6863503. (CVE-2009-3875) - Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1 _27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911. (CVE-2009-3876) - Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1 _27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP header s, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. (CVE-2009-3877) - The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to lev erage vulnerabilities in older releases of this software, aka Bug Id 6869694. (CVE-2009-3864) - The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752. (CVE-2009-3865) - Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x be fore 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. (CVE-2009-3868) - Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK a nd JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969. (CVE-2009-3872) - The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2 _24 allows remote attackers to gain privileges via a crafted image file, related to a 'quanization problem,' aka Bug Id 6862968. (CVE-2009-3873)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42857
    published 2009-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42857
    title SuSE 11 Security Update : Sun Java 1.6.0 (SAT Patch Number 1542)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_JAVA-1_6_0-SUN-091113.NASL
    description The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues : CVE-2009-3866:The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that poi nts to an unintended trusted application, aka Bug Id 6872824. CVE-2009-3867: Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. CVE-2009-3869: Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_ 24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357. CVE-2009-3871: Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4. 2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. CVE-2009-3874: Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensi ons in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. CVE-2009-3875: The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital si gnatures, and possibly bypass authentication, via unspecified vectors related to 'timing attack vulnerabilities,' aka Bug Id 6863503. CVE-2009-3876: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1 _27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911. CVE-2009-3877: Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1 _27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP header s, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. CVE-2009-3864: The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to lev erage vulnerabilities in older releases of this software, aka Bug Id 6869694. CVE-2009-3865: The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752. CVE-2009-3868: Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x be fore 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. CVE-2009-3872: Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK a nd JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969. CVE-2009-3873: The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2 _24 allows remote attackers to gain privileges via a crafted image file, related to a 'quanization problem,' aka Bug Id 6862968.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42855
    published 2009-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42855
    title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-11489.NASL
    description Add latest security patches Bug numbers:510197, 530053, 530057, 530061, 530062, 530063, 530067, 530098, 530173, 530175, 530296, 530297, 530300 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 42805
    published 2009-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42805
    title Fedora 12 : java-1.6.0-openjdk-1.6.0.0-33.b16.fc12 (2009-11489)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_6_0-IBM-100105.NASL
    description IBM Java 6 was updated to Service Refresh 7. The following security issues were fixed : - A vulnerability in the Java Runtime Environment with decoding DER encoded data might allow a remote client to cause the JRE to crash, resulting in a denial of service condition. (CVE-2009-3876 / CVE-2009-3877) - A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3867) - A buffer overflow vulnerability in the Java Runtime Environment with parsing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3868) - An integer overflow vulnerability in the Java Runtime Environment with reading JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3872) - A buffer overflow vulnerability in the Java Runtime Environment with processing JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3873) - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875) - A command execution vulnerability in the Java Runtime Environment Deployment Toolkit might be used to run arbitrary code. This issue might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-3865) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871) - A security vulnerability in the Java Web Start Installer might be used to allow an untrusted Java Web Start application to run as a trusted application and run arbitrary code. This issue might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-3866) - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874) - A vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation included with the Java Runtime Environment (JRE) might allow authentication to be bypassed. Applications that validate HMAC-based XML digital signatures might be vulnerable to this type of attack. (CVE-2009-0217) Note: This vulnerability cannot be exploited by an untrusted applet or Java Web Start application.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 43872
    published 2010-01-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43872
    title SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1748)
  • NASL family Windows
    NASL id SUN_JAVA_JRE_269868.NASL
    description The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 17 / 5.0 Update 22 / 1.4.2_24 / 1.3.1_27. Such versions are potentially affected by the following security issues : - The Java update mechanism on non-English versions does not update the JRE when a new version is available. (269868) - A command execution vulnerability exists in the Java runtime environment deployment toolkit. (269869) - An issue in the Java web start installer may be leveraged to allow an untrusted Java web start application to run as a trusted application. (269870) - Multiple buffer and integer overflow vulnerabilities. (270474) - A security vulnerability in the JRE with verifying HMAC digests may allow authentication to be bypassed. (270475) - Two vulnerabilities in the JRE with decoding DER encoded data and parsing HTTP headers may separately allow a remote client to cause the JRE on the server to run out of memory, resulting in a denial of service. (270476) - A directory traversal vulnerability in the ICC_Profile.getInstance method allows a remote attacker to determine the existence of local International Color Consortium (ICC) profile files. (Bug #6631533) - A denial of service attack is possible via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file. (Bug #6632445) - Resurrected classloaders can still have children, which could allow a remote attacker to gain privileges via unspecified vectors. (Bug #6636650) - The Abstract Window Toolkit (AWT) does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager. (Bug #6664512) - An unspecified vulnerability in TrueType font parsing functionality may lead to a denial of service. (Bug #6815780) - The failure to clone arrays returned by the getConfigurations function could lead to multiple, unspecified vulnerabilities in the X11 and Win32GraphicsDevice subsystems. (Bug #6822057) - The TimeZone.getTimeZone method can be used by a remote attacker to determine the existence of local files via its handling of zoneinfo (aka tz) files. (Bug #6824265) - Java Web Start does not properly handle the interaction between a signed JAR file and a JNLP application or applet. (Bug #6870531)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 42373
    published 2009-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42373
    title Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ..)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_JAVA-1_5_0-SUN-091109.NASL
    description java-1_5_0-sun u22 update fixes the following security bugs : - CVE-2009-3864: CVSS v2 Base Score: 7.5 - CVE-2009-3867: CVSS v2 Base Score: 9.3 - CVE-2009-3868: CVSS v2 Base Score: 9.3 - CVE-2009-3869: CVSS v2 Base Score: 9.3 - CVE-2009-3871: CVSS v2 Base Score: 9.3 - CVE-2009-3872: CVSS v2 Base Score: 10.0 - CVE-2009-3873: CVSS v2 Base Score: n/a - CVE-2009-3874: CVSS v2 Base Score: 9.3 - CVE-2009-3875: CVSS v2 Base Score: 5.0 - CVE-2009-3876: CVSS v2 Base Score: 5.0 - CVE-2009-3877: CVSS v2 Base Score: 5.0 For bug details use the CVE-ID to query the Mitre database at http://cve.mitre.org/cve please.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 42460
    published 2009-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42460
    title openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1529)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1643.NASL
    description Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.4.2 SR13-FP3 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM 'Security alerts' page listed in the References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877) All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP3 Java release. All running instances of IBM Java must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 43048
    published 2009-12-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43048
    title RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2009:1643)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_JAVA-1_6_0-OPENJDK-091125.NASL
    description New icedtea update to fix : - ICC_Profile file existence detection information leak; CVE-2009-3728: CVSS v2 Base Score: 5.0 - BMP parsing DoS with UNC ICC links; CVE-2009-3885: CVSS v2 Base Score: 5.0 - resurrected classloaders can still have children; CVE-2009-3881: CVSS v2 Base Score: 7.5 - Numerous static security flaws in Swing; CVE-2009-3882: CVSS v2 Base Score: 7.5 - Mutable statics in Windows PL&F; CVE-2009-3883: CVSS v2 Base Score: 7.5 - UI logging information leakage; CVE-2009-3880: CVSS v2 Base Score: 5.0 - GraphicsConfiguration information leak; CVE-2009-3879: CVSS v2 Base Score: 7.5 - zoneinfo file existence information leak; CVE-2009-3884: CVSS v2 Base Score: 5.0 - deprecate MD2 in SSL cert validation; CVE-2009-2409: CVSS v2 Base Score: 6.4 - JPEG Image Writer quantization problem; CVE-2009-3873: CVSS v2 Base Score: 9.3 - MessageDigest.isEqual introduces timing attack vulnerabilities; CVE-2009-3875: CVSS v2 Base Score: 5.0 - OpenJDK ASN.1/DER input stream parser denial of service; CVE-2009-3876,CVE-2009-3877: CVSS v2 Base Score: 5.0 - JRE AWT setDifflCM stack overflow; CVE-2009-3869: CVSS v2 Base Score: 9.3 - ImageI/O JPEG heap overflow; CVE-2009-3874: CVSS v2 Base Score: 9.3 - JRE AWT setBytePixels heap overflow; CVE-2009-3871: CVSS v2 Base Score: 9.3
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42921
    published 2009-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42921
    title openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_JAVA-1_6_0-OPENJDK-091127.NASL
    description New icedtea update to fix : - ICC_Profile file existence detection information leak; CVE-2009-3728: CVSS v2 Base Score: 5.0 - BMP parsing DoS with UNC ICC links; CVE-2009-3885: CVSS v2 Base Score: 5.0 - resurrected classloaders can still have children; CVE-2009-3881: CVSS v2 Base Score: 7.5 - Numerous static security flaws in Swing; CVE-2009-3882: CVSS v2 Base Score: 7.5 - Mutable statics in Windows PL&F; CVE-2009-3883: CVSS v2 Base Score: 7.5 - UI logging information leakage; CVE-2009-3880: CVSS v2 Base Score: 5.0 - GraphicsConfiguration information leak; CVE-2009-3879: CVSS v2 Base Score: 7.5 - zoneinfo file existence information leak; CVE-2009-3884: CVSS v2 Base Score: 5.0 - deprecate MD2 in SSL cert validation; CVE-2009-2409: CVSS v2 Base Score: 6.4 - JPEG Image Writer quantization problem; CVE-2009-3873: CVSS v2 Base Score: 9.3 - MessageDigest.isEqual introduces timing attack vulnerabilities; CVE-2009-3875: CVSS v2 Base Score: 5.0 - OpenJDK ASN.1/DER input stream parser denial of service; CVE-2009-3876,CVE-2009-3877: CVSS v2 Base Score: 5.0 - JRE AWT setDifflCM stack overflow; CVE-2009-3869: CVSS v2 Base Score: 9.3 - ImageI/O JPEG heap overflow; CVE-2009-3874: CVSS v2 Base Score: 9.3 - JRE AWT setBytePixels heap overflow; CVE-2009-3871: CVSS v2 Base Score: 9.3
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42926
    published 2009-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42926
    title openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1584.NASL
    description From Red Hat Security Advisory 2009:1584 : Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. An integer overflow flaw and buffer overflow flaws were found in the way the JRE processed image files. An untrusted applet or application could use these flaws to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874) An information leak was found in the JRE. An untrusted applet or application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-3881) It was discovered that the JRE still accepts certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by the JRE. With this update, the JRE disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) A timing attack flaw was found in the way the JRE processed HMAC digests. This flaw could aid an attacker using forged digital signatures to bypass authentication checks. (CVE-2009-3875) Two denial of service flaws were found in the JRE. These could be exploited in server-side application scenarios that process DER-encoded (Distinguished Encoding Rules) data. (CVE-2009-3876, CVE-2009-3877) An information leak was found in the way the JRE handled color profiles. An attacker could use this flaw to discover the existence of files outside of the color profiles directory. (CVE-2009-3728) A flaw in the JRE with passing arrays to the X11GraphicsDevice API was found. An untrusted applet or application could use this flaw to access and modify the list of supported graphics configurations. This flaw could also lead to sensitive information being leaked to unprivileged code. (CVE-2009-3879) It was discovered that the JRE passed entire objects to the logging API. This could lead to sensitive information being leaked to either untrusted or lower-privileged code from an attacker-controlled applet which has access to the logging API and is therefore able to manipulate (read and/or call) the passed objects. (CVE-2009-3880) Potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-3882, CVE-2009-3883) An information leak was found in the way the TimeZone.getTimeZone method was handled. This method could load time zone files that are outside of the [JRE_HOME]/lib/zi/ directory, allowing a remote attacker to probe the local file system. (CVE-2009-3884) Note: The flaws concerning applets in this advisory, CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881 and CVE-2009-3884, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2016-12-07
    plugin id 67960
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67960
    title Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-1584)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_4_2-IBM-100105.NASL
    description IBM Java 1.4.2 was updated to 13 fp3. The following security issues were fixed : - A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3867) - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871) - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 43857
    published 2010-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43857
    title SuSE 11 Security Update : IBM Java 1.4.2 (SAT Patch Number 1744)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_JAVA_10_5_UPDATE6.NASL
    description The remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 6. The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 43002
    published 2009-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43002
    title Mac OS X : Java for Mac OS X 10.5 Update 6
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1571.NASL
    description Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. These vulnerabilities are summarized on the 'Advance notification of Security Updates for Java SE' page from Sun Microsystems, listed in the References section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3873, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884) Note: This is the final update for the java-1.5.0-sun packages, as the Sun Java SE Release family 5.0 has now reached End of Service Life. The next update will remove the java-1.5.0-sun packages. An alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of the IBM Developer Kit for Linux, which is available from the Extras and Supplementary channels on the Red Hat Network. For users of applications that are capable of using the Java 6 runtime, the OpenJDK open source JDK is included in Red Hat Enterprise Linux 5 (since 5.3) and is supported by Red Hat. Users of java-1.5.0-sun should upgrade to these updated packages, which correct these issues. All running instances of Sun Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 42455
    published 2009-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42455
    title RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:1571)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1647.NASL
    description Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM 'Security alerts' page listed in the References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR11 Java release. All running instances of IBM Java must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 43079
    published 2009-12-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43079
    title RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:1647)
  • NASL family Misc.
    NASL id SUN_JAVA_JRE_269868_UNIX.NASL
    description The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 17 / 5.0 Update 22 / 1.4.2_24 / 1.3.1_27. Such versions are potentially affected by the following security issues : - The Java update mechanism on non-English versions does not update the JRE when a new version is available. (269868) - A command execution vulnerability exists in the Java runtime environment deployment toolkit. (269869) - An issue in the Java web start installer may be leveraged to allow an untrusted Java web start application to run as a trusted application. (269870) - Multiple buffer and integer overflow vulnerabilities exist. (270474) - A security vulnerability in the JRE with verifying HMAC digests may allow authentication to be bypassed. (270475) - Two vulnerabilities in the JRE with decoding DER encoded data and parsing HTTP headers may separately allow a remote client to cause the JRE on the server to run out of memory, resulting in a denial of service. (270476) - A directory traversal vulnerability in the ICC_Profile.getInstance method allows a remote attacker to determine the existence of local International Color Consortium (ICC) profile files. (Bug #6631533) - A denial of service attack is possible via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file. (Bug #6632445) - Resurrected classloaders can still have children, which could allow a remote attacker to gain privileges via unspecified vectors (Bug #6636650) - The Abstract Window Toolkit (AWT) does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager. (Bug #6664512) - An unspecified vulnerability in TrueType font parsing functionality may lead to a denial of service. (Bug #6815780) - The failure to clone arrays returned by the getConfigurations function could lead to multiple, unspecified vulnerabilities in the X11 and Win32GraphicsDevice subsystems. (Bug #6822057) - The TimeZone.getTimeZone method can be used by a remote attacker to determine the existence of local files via its handling of zoneinfo (aka tz) files. (Bug #6824265) - Java Web Start does not properly handle the interaction between a signed JAR file and a JNLP application or applet. (Bug #6870531)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 64831
    published 2013-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64831
    title Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ...) (Unix)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-11490.NASL
    description Add latest security patches Bug numbers:510197, 530053, 530057, 530061, 530062, 530063, 530067, 530098, 530173, 530175, 530296, 530297, 530300 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 42806
    published 2009-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42806
    title Fedora 10 : java-1.6.0-openjdk-1.6.0.0-23.b16.fc10 (2009-11490)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0043.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.3. This update has been rated as having low security impact by the Red Hat Security Response Team. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.3. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2009-0217, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877) Users of Red Hat Network Satellite Server 5.3 are advised to upgrade to these updated java-1.6.0-ibm packages, which resolve these issues. For this update to take effect, Red Hat Network Satellite Server must be restarted ('/usr/sbin/rhn-satellite restart'), as well as all running instances of IBM Java.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 44029
    published 2010-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44029
    title RHEL 4 / 5 : IBM Java Runtime in Satellite Server (RHSA-2010:0043)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_5_0-IBM-6740.NASL
    description IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs and security issues. The timezone update to 1.6.9s (with the latest Fiji change). - A vulnerability in the Java Runtime Environment with decoding DER encoded data might allow a remote client to cause the JRE to crash, resulting in a denial of service condition. (CVE-2009-3876 / CVE-2009-3877) - A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3867) - A buffer overflow vulnerability in the Java Runtime Environment with parsing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3868) - An integer overflow vulnerability in the Java Runtime Environment with reading JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3872) - A buffer overflow vulnerability in the Java Runtime Environment with processing JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3873) - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871) - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874) - The Java Runtime Environment includes the Java Web Start technology that uses the Java Web Start ActiveX control to launch Java Web Start in Internet Explorer. A security vulnerability in the Active Template Library (ATL) in various releases of Microsoft Visual Studio, which is used by the Java Web Start ActiveX control, might allow the Java Web Start ActiveX control to be leveraged to run arbitrary code. This might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-2493) Please also see http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 43822
    published 2010-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43822
    title SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 6740)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_JAVA-1_5_0-SUN-091109.NASL
    description java-1_5_0-sun u22 update fixes the following security bugs : - CVE-2009-3864: CVSS v2 Base Score: 7.5 - CVE-2009-3867: CVSS v2 Base Score: 9.3 - CVE-2009-3868: CVSS v2 Base Score: 9.3 - CVE-2009-3869: CVSS v2 Base Score: 9.3 - CVE-2009-3871: CVSS v2 Base Score: 9.3 - CVE-2009-3872: CVSS v2 Base Score: 10.0 - CVE-2009-3873: CVSS v2 Base Score: n/a - CVE-2009-3874: CVSS v2 Base Score: 9.3 - CVE-2009-3875: CVSS v2 Base Score: 5.0 - CVE-2009-3876: CVSS v2 Base Score: 5.0 - CVE-2009-3877: CVSS v2 Base Score: 5.0 For bug details use the CVE-ID to query the Mitre database at http://cve.mitre.org/cve please.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 42457
    published 2009-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42457
    title openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1529)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1584.NASL
    description Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. An integer overflow flaw and buffer overflow flaws were found in the way the JRE processed image files. An untrusted applet or application could use these flaws to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874) An information leak was found in the JRE. An untrusted applet or application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-3881) It was discovered that the JRE still accepts certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by the JRE. With this update, the JRE disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) A timing attack flaw was found in the way the JRE processed HMAC digests. This flaw could aid an attacker using forged digital signatures to bypass authentication checks. (CVE-2009-3875) Two denial of service flaws were found in the JRE. These could be exploited in server-side application scenarios that process DER-encoded (Distinguished Encoding Rules) data. (CVE-2009-3876, CVE-2009-3877) An information leak was found in the way the JRE handled color profiles. An attacker could use this flaw to discover the existence of files outside of the color profiles directory. (CVE-2009-3728) A flaw in the JRE with passing arrays to the X11GraphicsDevice API was found. An untrusted applet or application could use this flaw to access and modify the list of supported graphics configurations. This flaw could also lead to sensitive information being leaked to unprivileged code. (CVE-2009-3879) It was discovered that the JRE passed entire objects to the logging API. This could lead to sensitive information being leaked to either untrusted or lower-privileged code from an attacker-controlled applet which has access to the logging API and is therefore able to manipulate (read and/or call) the passed objects. (CVE-2009-3880) Potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-3882, CVE-2009-3883) An information leak was found in the way the TimeZone.getTimeZone method was handled. This method could load time zone files that are outside of the [JRE_HOME]/lib/zi/ directory, allowing a remote attacker to probe the local file system. (CVE-2009-3884) Note: The flaws concerning applets in this advisory, CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881 and CVE-2009-3884, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 67075
    published 2013-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67075
    title CentOS 5 : java-1.6.0-openjdk (CESA-2009:1584)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12564.NASL
    description IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs and security issues. It also contains a timezone update for the current Fiji change (timezone 1.6.9s). The update fixes the following security issues : - A vulnerability in the Java Runtime Environment with decoding DER encoded data might allow a remote client to cause the JRE to crash, resulting in a denial of service condition. (CVE-2009-3876, CVE-2009-3877) - A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3867) - A buffer overflow vulnerability in the Java Runtime Environment with parsing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3868) - An integer overflow vulnerability in the Java Runtime Environment with reading JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3872) - A buffer overflow vulnerability in the Java Runtime Environment with processing JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3873) - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871) - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874) - The Java Runtime Environment includes the Java Web Start technology that uses the Java Web Start ActiveX control to launch Java Web Start in Internet Explorer. A security vulnerability in the Active Template Library (ATL) in various releases of Microsoft Visual Studio, which is used by the Java Web Start ActiveX control, might allow the Java Web Start ActiveX control to be leveraged to run arbitrary code. This might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-2493) Please also refer to http://www.ibm.com/developerworks/java/jdk/alerts for more information about this update.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 43599
    published 2009-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43599
    title SuSE9 Security Update : IBM Java 1.5.0 (YOU Patch Number 12564)
oval via4
  • accepted 2015-04-20T04:00:16.613-04:00
    class vulnerability
    contributors
    • name Aslesha Nargolkar
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
    family unix
    id oval:org.mitre.oval:def:12134
    status accepted
    submitted 2010-10-27T13:02:54.000-05:00
    title HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
    version 44
  • accepted 2014-01-20T04:01:28.721-05:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    comment VMware ESX Server 4.0 is installed
    oval oval:org.mitre.oval:def:6293
    description Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
    family unix
    id oval:org.mitre.oval:def:6698
    status accepted
    submitted 2010-06-01T17:30:00.000-05:00
    title OpenJDK JRE AWT setBytePixels Heap Overflow Vulnerability
    version 8
  • accepted 2015-04-20T04:02:37.464-04:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
    family unix
    id oval:org.mitre.oval:def:8275
    status accepted
    submitted 2010-03-22T17:00:25.000-04:00
    title HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
    version 43
  • accepted 2013-04-29T04:18:57.715-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
    family unix
    id oval:org.mitre.oval:def:9360
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
    version 18
packetstorm via4
data source https://packetstormsecurity.com/files/download/84499/NETRAGARD-20091219.txt
id PACKETSTORM:84499
last seen 2016-12-05
published 2009-12-30
reporter Adriel T. Desautels
source https://packetstormsecurity.com/files/84499/Netragard-Security-Advisory-2009-12-19.html
title Netragard Security Advisory 2009-12-19
redhat via4
advisories
rhsa
id RHSA-2009:1694
rpms
  • java-1.6.0-openjdk-1:1.6.0.0-1.7.b09.el5
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.7.b09.el5
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.7.b09.el5
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.7.b09.el5
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.7.b09.el5
refmap via4
apple
  • APPLE-SA-2009-12-03-1
  • APPLE-SA-2009-12-03-2
bid 36881
confirm
gentoo GLSA-200911-02
hp
  • HPSBMU02703
  • HPSBMU02799
  • HPSBUX02503
  • SSRT100019
  • SSRT100242
mandriva MDVSA-2010:084
misc http://zerodayinitiative.com/advisories/ZDI-09-079/
sectrack 1023132
secunia
  • 37231
  • 37239
  • 37386
  • 37581
  • 37841
sunalert 270474
suse SUSE-SA:2009:058
vupen ADV-2009-3131
saint via4
  • bid 36881
    description Java Runtime Environment AWT setDiffICM buffer overflow
    id web_client_jre
    osvdb 59710
    title jre_awt_setdifficm
    type client
  • bid 36881
    description Java Runtime Environment HsbParser.getSoundBank Stack Buffer Overflow
    osvdb 59711
    title jre_hsbparser_getsoundbank
    type client
Last major update 22-08-2016 - 22:00
Published 05-11-2009 - 11:30
Last modified 30-10-2018 - 12:25
Back to Top