CVE-2009-3864
6.4 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.025 Low
EPSS
Percentile
90.0%
The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.
References
java.sun.com/javase/6/webnotes/6u17.html
lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html
secunia.com/advisories/37231
secunia.com/advisories/37239
sunsolve.sun.com/search/document.do?assetkey=1-66-269868-1
www.securityfocus.com/bid/36881
www.vupen.com/english/advisories/2009/3131
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6753
Related
6.4 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.025 Low
EPSS
Percentile
90.0%