CVE-2009-1101 - Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (

CVE-2009-1101

Summary

Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak."

References

Vulnerable Configurations

cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 10-10-2018 - 19:33)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

oval via4

accepted

2013-04-29T04:02:18.383-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:10152

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

accepted

2014-01-20T04:01:26.185-05:00

class

vulnerability

contributors

name Michael Wood
organization Hewlett-Packard
name Chris Coffin
organization The MITRE Corporation

definition_extensions

comment VMware ESX Server 3.5.0 is installed
oval oval:org.mitre.oval:def:5887
comment VMware ESX Server 4.0 is installed
oval oval:org.mitre.oval:def:6293

description

family

unix

oval:org.mitre.oval:def:6412

status

accepted

submitted

2009-11-30T15:39:02.000-04:00

title

Java Runtime Environment (JRE) HTTP Server Bug Lets Remote Users Deny Service

version

redhat via4

advisories

rhsa
id RHSA-2009:0377
rhsa
id RHSA-2009:0392
rhsa
id RHSA-2009:1038
rhsa
id RHSA-2009:1198

rpms

java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5
java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5
java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5
java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5
java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5
java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5
java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4
java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5
java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4
java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5
java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4
java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5
java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4
java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5
java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4
java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5
java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4
java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5
java-1.5.0-ibm-1:1.5.0.9-1jpp.3.el5
java-1.5.0-ibm-1:1.5.0.9-1jpp.5.el4
java-1.5.0-ibm-accessibility-1:1.5.0.9-1jpp.3.el5
java-1.5.0-ibm-demo-1:1.5.0.9-1jpp.3.el5
java-1.5.0-ibm-demo-1:1.5.0.9-1jpp.5.el4
java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.3.el5
java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.5.el4
java-1.5.0-ibm-javacomm-1:1.5.0.9-1jpp.3.el5
java-1.5.0-ibm-javacomm-1:1.5.0.9-1jpp.5.el4
java-1.5.0-ibm-jdbc-1:1.5.0.9-1jpp.3.el5
java-1.5.0-ibm-jdbc-1:1.5.0.9-1jpp.5.el4
java-1.5.0-ibm-plugin-1:1.5.0.9-1jpp.3.el5
java-1.5.0-ibm-plugin-1:1.5.0.9-1jpp.5.el4
java-1.5.0-ibm-src-1:1.5.0.9-1jpp.3.el5
java-1.5.0-ibm-src-1:1.5.0.9-1jpp.5.el4
java-1.6.0-ibm-1:1.6.0.5-1jpp.1.el4
java-1.6.0-ibm-1:1.6.0.5-1jpp.1.el5
java-1.6.0-ibm-accessibility-1:1.6.0.5-1jpp.1.el5
java-1.6.0-ibm-demo-1:1.6.0.5-1jpp.1.el4
java-1.6.0-ibm-demo-1:1.6.0.5-1jpp.1.el5
java-1.6.0-ibm-devel-1:1.6.0.5-1jpp.1.el4
java-1.6.0-ibm-devel-1:1.6.0.5-1jpp.1.el5
java-1.6.0-ibm-javacomm-1:1.6.0.5-1jpp.1.el4
java-1.6.0-ibm-javacomm-1:1.6.0.5-1jpp.1.el5
java-1.6.0-ibm-jdbc-1:1.6.0.5-1jpp.1.el4
java-1.6.0-ibm-jdbc-1:1.6.0.5-1jpp.1.el5
java-1.6.0-ibm-plugin-1:1.6.0.5-1jpp.1.el4
java-1.6.0-ibm-plugin-1:1.6.0.5-1jpp.1.el5
java-1.6.0-ibm-src-1:1.6.0.5-1jpp.1.el4
java-1.6.0-ibm-src-1:1.6.0.5-1jpp.1.el5
java-1.6.0-ibm-1:1.6.0.7-1jpp.2.el5
java-1.6.0-ibm-1:1.6.0.7-1jpp.3.el4
java-1.6.0-ibm-devel-1:1.6.0.7-1jpp.2.el5
java-1.6.0-ibm-devel-1:1.6.0.7-1jpp.3.el4

refmap via4

bid	34240
bugtraq	20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
confirm	http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html http://www.vmware.com/security/advisories/VMSA-2009-0016.html
debian	DSA-1769
gentoo	GLSA-200911-02
hp	HPSBMA02429 HPSBUX02429 SSRT090058
mandriva	MDVSA-2009:137 MDVSA-2009:162
misc	http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1
sectrack	1021918
secunia	34489 34496 34632 34675 35156 35223 35255 35776 36185 37386 37460
sunalert	254609
suse	SUSE-SA:2009:016 SUSE-SA:2009:029 SUSE-SA:2009:036
ubuntu	USN-748-1
vupen	ADV-2009-1426 ADV-2009-3316

Last major update

10-10-2018 - 19:33

Published

25-03-2009 - 23:30

Last modified

10-10-2018 - 19:33