CVE-2009-2716 - The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selec

CVE-2009-2716

Summary

The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selection, which allows context-dependent attackers to leverage vulnerabilities in "old zip and certificate handling" and have unspecified other impact via unknown vectors.

References

Vulnerable Configurations

cpe:2.3:a:sun:java_se:*:14:*:*:*:*:*:*
cpe:2.3:a:sun:java_se:*:14:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 10-10-2018 - 19:41)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

rpms

java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4
java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5
java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4
java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5
java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4
java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5
java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4
java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5
java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4
java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5
java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4
java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5

refmap via4

bugtraq	20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
confirm	http://java.sun.com/javase/6/webnotes/6u15.html http://www.vmware.com/security/advisories/VMSA-2009-0016.html
gentoo	GLSA-200911-02
secunia	37386 37460
vupen	ADV-2009-3316

Last major update

10-10-2018 - 19:41

Published

10-08-2009 - 20:30

Last modified

10-10-2018 - 19:41