Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2009-1099
HistoryMar 25, 2009 - 11:30 p.m.

CVE-2009-1099

2009-03-2523:30:00
CWE-189
[email protected]
web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.668 Medium

EPSS

Percentile

98.0%

JSON

Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow.

Affected configurations

NVD
Node
sunjava_runtime_environmentMatch5.017
OR
sunjava_runtime_environmentMatch6.012
OR
sunjava_se_development_kit

References

Related

cve 1
veracode 1
ubuntucve 1
cvelist 1
checkpoint_advisories 1
prion 1
nessus 33
openvas 26
redhat 6
suse 3
oracle 1
securityvulns 1
vmware 6
gentoo 1
cve
cve
CVE-2009-1099
2009-03-25 23:30:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:37:27
ubuntucve
ubuntucve
CVE-2009-1099
2009-03-25 00:00:00
cvelist
cvelist
CVE-2009-1099
2009-03-25 23:00:00
checkpoint_advisories
checkpoint_advisories
Sun Java Runtime Environment Type1 Font Parsing Integer Overflow (CVE-2009-1099)
2010-02-25 00:00:00
prion
prion
Integer overflow
2009-03-25 23:30:00
nessus
nessus
Solaris 10 (x86) : 118669-61
2018-03-12 00:00:00
Solaris 10 (x86) : 118669-19
2018-03-12 00:00:00
openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-698)
2009-07-21 00:00:00
openvas
openvas
SLES9: Security update for IBM Java 5 JRE and IBM Java 5 SDK
2009-10-10 00:00:00
SLES10: Security update for IBM Java 5
2009-10-13 00:00:00
SLES10: Security update for IBM Java 5
2009-10-13 00:00:00
redhat
redhat
(RHSA-2009:0394) Critical: java-1.5.0-sun security update
2009-03-26 00:00:00
(RHSA-2009:1198) Critical: java-1.6.0-ibm security update
2009-08-06 00:00:00
(RHSA-2009:1038) Critical: java-1.5.0-ibm security update
2009-05-18 00:00:00
suse
suse
remote code execution in IBM JDK 5
2009-05-25 13:39:41
remote code execution in java-1_6_0-ibm
2009-07-02 21:55:23
remote code execution in Sun Java 5 and 6
2009-04-03 13:04:22
oracle
oracle
09-07 CPU Advisory
2009-07-14 00:00:00
securityvulns
securityvulns
Oracle Critical Patch Update Advisory - July 2009
2009-07-16 00:00:00
vmware
vmware
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00
VMware vCenter update release addresses multiple security issues in Java JRE
2010-01-29 00:00:00
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2009-11-17 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.668 Medium

EPSS

Percentile

98.0%

JSON
Related for NVD:CVE-2009-1099
cve1veracode1ubuntucve1cvelist1checkpoint_advisories1prion1nessus33openvas26redhat6suse3oracle1securityvulns1vmware6gentoo1