Lucene search

Veracode Vulnerability DatabaseVERACODE:23562

HistoryApr 10, 2020 - 12:30 a.m.

Arbitrary Code Execution

2020-04-1000:30:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

java is vulnerable to arbitrary code execution. Several buffer overflow flaws were found in the Java Runtime Environment unpack200 functionality. An untrusted applet could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet.

CPENameOperatorVersion
java-1.6.0-openjdkeq1.6.0.0__0.25.b09.el5
java-1.6.0-ibmeq1.6.0.4__1jpp.1.el5
java-1.6.0-ibmeq1.6.0.4__1jpp.1.el4
java-1.6.0-openjdkeq1.6.0.0__0.25.b09.el5
java-1.6.0-ibmeq1.6.0.4__1jpp.1.el5
java-1.6.0-ibmeq1.6.0.4__1jpp.1.el4

Name	Operator	Version
java-1.6.0-openjdk	eq	1.6.0.0__0.25.b09.el5
java-1.6.0-ibm	eq	1.6.0.4__1jpp.1.el5
java-1.6.0-ibm	eq	1.6.0.4__1jpp.1.el4
java-1.6.0-openjdk	eq	1.6.0.0__0.25.b09.el5
java-1.6.0-ibm	eq	1.6.0.4__1jpp.1.el5
java-1.6.0-ibm	eq	1.6.0.4__1jpp.1.el4

References

blogs.sun.com/security/entry/advance_notification_of_security_updates4

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133

lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html

lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html

marc.info/?l=bugtraq&m=124344236532162&w=2

secunia.com/advisories/34489

secunia.com/advisories/34495

secunia.com/advisories/34496

secunia.com/advisories/34632

secunia.com/advisories/34675

secunia.com/advisories/35156

secunia.com/advisories/35223

secunia.com/advisories/35255

secunia.com/advisories/35416

secunia.com/advisories/36185

secunia.com/advisories/37386

secunia.com/advisories/37460

security.gentoo.org/glsa/glsa-200911-02.xml

sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1

sunsolve.sun.com/search/document.do?assetkey=1-26-254570-1

sunsolve.sun.com/search/document.do?assetkey=1-77-1020225.1-1

support.avaya.com/elmodocs2/security/ASA-2009-108.htm

support.avaya.com/elmodocs2/security/ASA-2009-109.htm

www.debian.org/security/2009/dsa-1769

www.mandriva.com/security/advisories?name=MDVSA-2009:137

www.mandriva.com/security/advisories?name=MDVSA-2009:162

www.redhat.com/security/updates/classification/#important

www.redhat.com/support/errata/RHSA-2009-0392.html

www.redhat.com/support/errata/RHSA-2009-0394.html

www.redhat.com/support/errata/RHSA-2009-1038.html

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/34240

www.securitytracker.com/id?1021894

www.ubuntu.com/usn/usn-748-1

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/1426

www.vupen.com/english/advisories/2009/3316

access.redhat.com/errata/RHSA-2009:0377

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6659

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8844

rhn.redhat.com/errata/RHSA-2009-0377.html

rhn.redhat.com/errata/RHSA-2009-1198.html

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for VERACODE:23562