ID CVE-2009-1103
Summary Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860.
References
Vulnerable Configurations
  • cpe:2.3:a:sun:java:*:*:*:*:*:*:*:*
    cpe:2.3:a:sun:java:*:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 10-10-2018 - 19:34)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
oval via4
accepted 2014-01-20T04:01:27.003-05:00
class vulnerability
contributors
  • name Michael Wood
    organization Hewlett-Packard
  • name Chris Coffin
    organization The MITRE Corporation
definition_extensions
  • comment VMware ESX Server 3.5.0 is installed
    oval oval:org.mitre.oval:def:5887
  • comment VMware ESX Server 4.0 is installed
    oval oval:org.mitre.oval:def:6293
description Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860.
family unix
id oval:org.mitre.oval:def:6542
status accepted
submitted 2009-11-30T15:39:02.000-04:00
title Java Plug-in Bugs Lets Remote Users Gain Privileges
version 7
redhat via4
advisories
  • rhsa
    id RHSA-2009:0392
  • rhsa
    id RHSA-2009:0394
  • rhsa
    id RHSA-2009:1038
  • rhsa
    id RHSA-2009:1198
rpms
  • java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4
  • java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5
  • java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4
  • java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5
  • java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4
  • java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5
  • java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4
  • java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5
  • java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4
  • java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5
  • java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4
  • java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5
  • java-1.5.0-sun-0:1.5.0.18-1jpp.1.el4
  • java-1.5.0-sun-0:1.5.0.18-1jpp.1.el5
  • java-1.5.0-sun-demo-0:1.5.0.18-1jpp.1.el4
  • java-1.5.0-sun-demo-0:1.5.0.18-1jpp.1.el5
  • java-1.5.0-sun-devel-0:1.5.0.18-1jpp.1.el4
  • java-1.5.0-sun-devel-0:1.5.0.18-1jpp.1.el5
  • java-1.5.0-sun-jdbc-0:1.5.0.18-1jpp.1.el4
  • java-1.5.0-sun-jdbc-0:1.5.0.18-1jpp.1.el5
  • java-1.5.0-sun-plugin-0:1.5.0.18-1jpp.1.el4
  • java-1.5.0-sun-plugin-0:1.5.0.18-1jpp.1.el5
  • java-1.5.0-sun-src-0:1.5.0.18-1jpp.1.el4
  • java-1.5.0-sun-src-0:1.5.0.18-1jpp.1.el5
  • java-1.5.0-ibm-1:1.5.0.9-1jpp.3.el5
  • java-1.5.0-ibm-1:1.5.0.9-1jpp.5.el4
  • java-1.5.0-ibm-accessibility-1:1.5.0.9-1jpp.3.el5
  • java-1.5.0-ibm-demo-1:1.5.0.9-1jpp.3.el5
  • java-1.5.0-ibm-demo-1:1.5.0.9-1jpp.5.el4
  • java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.3.el5
  • java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.5.el4
  • java-1.5.0-ibm-javacomm-1:1.5.0.9-1jpp.3.el5
  • java-1.5.0-ibm-javacomm-1:1.5.0.9-1jpp.5.el4
  • java-1.5.0-ibm-jdbc-1:1.5.0.9-1jpp.3.el5
  • java-1.5.0-ibm-jdbc-1:1.5.0.9-1jpp.5.el4
  • java-1.5.0-ibm-plugin-1:1.5.0.9-1jpp.3.el5
  • java-1.5.0-ibm-plugin-1:1.5.0.9-1jpp.5.el4
  • java-1.5.0-ibm-src-1:1.5.0.9-1jpp.3.el5
  • java-1.5.0-ibm-src-1:1.5.0.9-1jpp.5.el4
  • java-1.6.0-ibm-1:1.6.0.5-1jpp.1.el4
  • java-1.6.0-ibm-1:1.6.0.5-1jpp.1.el5
  • java-1.6.0-ibm-accessibility-1:1.6.0.5-1jpp.1.el5
  • java-1.6.0-ibm-demo-1:1.6.0.5-1jpp.1.el4
  • java-1.6.0-ibm-demo-1:1.6.0.5-1jpp.1.el5
  • java-1.6.0-ibm-devel-1:1.6.0.5-1jpp.1.el4
  • java-1.6.0-ibm-devel-1:1.6.0.5-1jpp.1.el5
  • java-1.6.0-ibm-javacomm-1:1.6.0.5-1jpp.1.el4
  • java-1.6.0-ibm-javacomm-1:1.6.0.5-1jpp.1.el5
  • java-1.6.0-ibm-jdbc-1:1.6.0.5-1jpp.1.el4
  • java-1.6.0-ibm-jdbc-1:1.6.0.5-1jpp.1.el5
  • java-1.6.0-ibm-plugin-1:1.6.0.5-1jpp.1.el4
  • java-1.6.0-ibm-plugin-1:1.6.0.5-1jpp.1.el5
  • java-1.6.0-ibm-src-1:1.6.0.5-1jpp.1.el4
  • java-1.6.0-ibm-src-1:1.6.0.5-1jpp.1.el5
  • java-1.5.0-sun-0:1.5.0.22-1jpp.1.el4
  • java-1.5.0-sun-devel-0:1.5.0.22-1jpp.1.el4
  • java-1.6.0-ibm-1:1.6.0.7-1jpp.2.el5
  • java-1.6.0-ibm-1:1.6.0.7-1jpp.3.el4
  • java-1.6.0-ibm-devel-1:1.6.0.7-1jpp.2.el5
  • java-1.6.0-ibm-devel-1:1.6.0.7-1jpp.3.el4
refmap via4
bid 34240
bugtraq 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
confirm
gentoo GLSA-200911-02
hp
  • HPSBMA02429
  • HPSBUX02429
  • SSRT090058
sectrack 1021920
secunia
  • 34495
  • 34496
  • 35156
  • 35255
  • 35416
  • 36185
  • 37386
  • 37460
sunalert 254611
suse
  • SUSE-SA:2009:016
  • SUSE-SA:2009:036
  • SUSE-SR:2009:011
vupen
  • ADV-2009-1426
  • ADV-2009-3316
xf jre-javaplugin-privilege-escalation(49456)
Last major update 10-10-2018 - 19:34
Published 25-03-2009 - 23:30
Last modified 10-10-2018 - 19:34
Back to Top