Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    29 vulnerabilities found for java by sun

    VAR-199903-0046

    Vulnerability from variot - Updated: 2023-12-18 12:14

    The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. SAP is an integrated enterprise resource planning system based on client/server architecture and open systems, including database open tools when installed. The SAP database program instlserver has problems handling environment variables. Local attackers can exploit this vulnerability for privilege escalation attacks and gain root user privileges. The instlserver program uses the user-supplied data and still runs with ROOT privileges when chmod and chown some files. When running the 'DevTool/bin/instlserver' program, according to the environment variable 'INSTROOT', the specified file will be chowned and chmoded. The attacker builds a malicious file and stores it in the location specified by the environment variable, and gets a suid root. Properties of the program, thereby increasing permissions. Several vendors have released versions of the Java Virtual Machine including Sun Microsystems and Netscape. A serious vulnerability exists in certain current versions of the JVM. It is exploited by an attacker who creates an applet which references an object using two pointers of incompatible type. This circumvents Java's typing rules, and can permit a malicious applet to undermine the normal java security measures on the victim's system. If the victim can be led to visit the attacker's website, the applet can be used by the attacker to assume control of the remote system, making it possible to read or overwrite data, and to run arbitrary code on the host machine

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-199903-0046",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "navigator",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "netscape",
            "version": "4.01"
          },
          {
            "model": "navigator",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "netscape",
            "version": "4.06"
          },
          {
            "model": "navigator",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "netscape",
            "version": "4.02"
          },
          {
            "model": "navigator",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "netscape",
            "version": "4.07"
          },
          {
            "model": "communicator",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "netscape",
            "version": "4.5"
          },
          {
            "model": "navigator",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "netscape",
            "version": "4.04"
          },
          {
            "model": "navigator",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "netscape",
            "version": "4.08"
          },
          {
            "model": "navigator",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "netscape",
            "version": "4.05"
          },
          {
            "model": "navigator",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "netscape",
            "version": "4.0"
          },
          {
            "model": "navigator",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "netscape",
            "version": "4.03"
          },
          {
            "model": "navigator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netscape",
            "version": "4.61"
          },
          {
            "model": "java",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sun",
            "version": "*"
          },
          {
            "model": "navigator",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netscape",
            "version": "4.5"
          },
          {
            "model": "db",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "sap",
            "version": "7.4.03.27"
          },
          {
            "model": "jdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.2"
          },
          {
            "model": "jdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "1.1"
          },
          {
            "model": "navigator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netscape",
            "version": "4.0x"
          },
          {
            "model": "jvm",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "microsoft",
            "version": "1.1"
          },
          {
            "model": "db",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "7.4"
          },
          {
            "model": "db",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sap",
            "version": "7.3.00"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2003-1115"
          },
          {
            "db": "BID",
            "id": "1939"
          },
          {
            "db": "BID",
            "id": "7408"
          },
          {
            "db": "NVD",
            "id": "CVE-1999-0440"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-199903-003"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:netscape:communicator:4.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.07:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:sun:java:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.08:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:netscape:navigator:4.61:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-1999-0440"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Reported to bugtraq by Gary McGraw \u003cgem@rstcorp.com\u003e on Mon Apr 05 1999.\nCredit given to Karsten Sohr at the University of Marburg \u003csohr@mathematik.uni-marburg.de\u003e",
        "sources": [
          {
            "db": "BID",
            "id": "1939"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-199903-003"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-1999-0440",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": true,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.1,
                "id": "CNVD-2003-1115",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-1999-0440",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2003-1115",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-199903-003",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2003-1115"
          },
          {
            "db": "NVD",
            "id": "CVE-1999-0440"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-199903-003"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. SAP is an integrated enterprise resource planning system based on client/server architecture and open systems, including database open tools when installed. The SAP database program instlserver has problems handling environment variables. Local attackers can exploit this vulnerability for privilege escalation attacks and gain root user privileges. The instlserver program uses the user-supplied data and still runs with ROOT privileges when chmod and chown some files. When running the \u0027DevTool/bin/instlserver\u0027 program, according to the environment variable \u0027INSTROOT\u0027, the specified file will be chowned and chmoded. The attacker builds a malicious file and stores it in the location specified by the environment variable, and gets a suid root. Properties of the program, thereby increasing permissions. Several vendors have released versions of the Java Virtual Machine including Sun Microsystems and Netscape. \nA serious vulnerability exists in certain current versions of the JVM. \nIt is exploited by an attacker who creates an applet which references an object using two pointers of incompatible type. This circumvents Java\u0027s typing rules, and can permit a malicious applet to undermine the normal java security measures on the victim\u0027s system. \nIf the victim can be led to visit the attacker\u0027s website, the applet can be used by the attacker to assume control of the remote system, making it possible to read or overwrite data, and to run arbitrary code on the host machine",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-1999-0440"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2003-1115"
          },
          {
            "db": "BID",
            "id": "1939"
          },
          {
            "db": "BID",
            "id": "7408"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "1939",
            "trust": 1.9
          },
          {
            "db": "NVD",
            "id": "CVE-1999-0440",
            "trust": 1.9
          },
          {
            "db": "BID",
            "id": "7408",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2003-1115",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "19990405 SECURITY HOLE IN JAVA 2 (AND JDK 1.1.X)",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-199903-003",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2003-1115"
          },
          {
            "db": "BID",
            "id": "1939"
          },
          {
            "db": "BID",
            "id": "7408"
          },
          {
            "db": "NVD",
            "id": "CVE-1999-0440"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-199903-003"
          }
        ]
      },
      "id": "VAR-199903-0046",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2003-1115"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2003-1115"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:14:16.344000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-1999-0440"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/1939"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105103613727471\u0026w=2"
          },
          {
            "trust": 0.6,
            "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=92333596624452\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://listserv.sap.com/pipermail/sapdb.sources/2003-april/000142.html"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/319409"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2003-1115"
          },
          {
            "db": "BID",
            "id": "7408"
          },
          {
            "db": "NVD",
            "id": "CVE-1999-0440"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-199903-003"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2003-1115"
          },
          {
            "db": "BID",
            "id": "1939"
          },
          {
            "db": "BID",
            "id": "7408"
          },
          {
            "db": "NVD",
            "id": "CVE-1999-0440"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-199903-003"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2003-04-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2003-1115"
          },
          {
            "date": "1999-04-05T00:00:00",
            "db": "BID",
            "id": "1939"
          },
          {
            "date": "2003-04-22T00:00:00",
            "db": "BID",
            "id": "7408"
          },
          {
            "date": "1999-03-01T05:00:00",
            "db": "NVD",
            "id": "CVE-1999-0440"
          },
          {
            "date": "1999-03-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-199903-003"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2003-04-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2003-1115"
          },
          {
            "date": "1999-04-05T00:00:00",
            "db": "BID",
            "id": "1939"
          },
          {
            "date": "2009-07-11T21:07:00",
            "db": "BID",
            "id": "7408"
          },
          {
            "date": "2016-10-18T01:59:21.563000",
            "db": "NVD",
            "id": "CVE-1999-0440"
          },
          {
            "date": "2005-05-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-199903-003"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-199903-003"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SAP database development tool INSTLSERVER INSTROOT environment variable vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2003-1115"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Design Error",
        "sources": [
          {
            "db": "BID",
            "id": "1939"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-199903-003"
          }
        ],
        "trust": 0.9
      }
    }

    CVE-2010-0887 (GCVE-0-2010-0887)

    Vulnerability from nvd – Published: 2010-04-20 19:00 – Updated: 2024-08-07 01:06
    VLAI
    Summary
    Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://marc.info/?l=bugtraq&m=134254866602253&w=2 vendor-advisoryx_refsource_HP
    http://secunia.com/advisories/39819 third-party-advisoryx_refsource_SECUNIA
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://support.apple.com/kb/HT4170 x_refsource_CONFIRM
    http://www.oracle.com/technology/deploy/security/… x_refsource_CONFIRM
    http://support.apple.com/kb/HT4171 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2010/1191 vdb-entryx_refsource_VUPEN
    Date Public
    2010-04-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:06:51.416Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "APPLE-SA-2010-05-18-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
              },
              {
                "name": "HPSBMU02799",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
              },
              {
                "name": "39819",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/39819"
              },
              {
                "name": "APPLE-SA-2010-05-18-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT4170"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT4171"
              },
              {
                "name": "ADV-2010-1191",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/1191"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-04-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-08-19T15:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "APPLE-SA-2010-05-18-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
            },
            {
              "name": "HPSBMU02799",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "39819",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/39819"
            },
            {
              "name": "APPLE-SA-2010-05-18-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT4170"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT4171"
            },
            {
              "name": "ADV-2010-1191",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/1191"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2010-0887",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "APPLE-SA-2010-05-18-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
                },
                {
                  "name": "HPSBMU02799",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
                },
                {
                  "name": "39819",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/39819"
                },
                {
                  "name": "APPLE-SA-2010-05-18-2",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
                },
                {
                  "name": "http://support.apple.com/kb/HT4170",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT4170"
                },
                {
                  "name": "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html"
                },
                {
                  "name": "http://support.apple.com/kb/HT4171",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT4171"
                },
                {
                  "name": "ADV-2010-1191",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/1191"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2010-0887",
        "datePublished": "2010-04-20T19:00:00.000Z",
        "dateReserved": "2010-03-03T00:00:00.000Z",
        "dateUpdated": "2024-08-07T01:06:51.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1107 (GCVE-0-2009-1107)

    Vulnerability from nvd – Published: 2009-03-25 23:00 – Updated: 2024-08-07 05:04
    VLAI
    Summary
    The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://sunsolve.sun.com/search/document.do?assetk… x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://secunia.com/advisories/35156 third-party-advisoryx_refsource_SECUNIA
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://secunia.com/advisories/37460 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200911-02.xml vendor-advisoryx_refsource_GENTOO
    http://www.redhat.com/support/errata/RHSA-2009-10… vendor-advisoryx_refsource_REDHAT
    https://rhn.redhat.com/errata/RHSA-2009-1198.html vendor-advisoryx_refsource_REDHAT
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=124344236532162&w=2 vendor-advisoryx_refsource_HP
    http://www.redhat.com/support/errata/RHSA-2009-03… vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/34495 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/36185 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/35255 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/1426 vdb-entryx_refsource_VUPEN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/507985/100… mailing-listx_refsource_BUGTRAQ
    http://www.redhat.com/support/errata/RHSA-2009-03… vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/34240 vdb-entryx_refsource_BID
    http://secunia.com/advisories/34496 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1021920 vdb-entryx_refsource_SECTRACK
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://secunia.com/advisories/35416 third-party-advisoryx_refsource_SECUNIA
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://secunia.com/advisories/37386 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.vupen.com/english/advisories/2009/3316 vdb-entryx_refsource_VUPEN
    Date Public
    2009-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:04:48.666Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SA:2009:036",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-14-1"
              },
              {
                "name": "jre-plugin-signedapplet-unauth-access(49460)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49460"
              },
              {
                "name": "oval:org.mitre.oval:def:6585",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6585"
              },
              {
                "name": "SSRT090058",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
              },
              {
                "name": "35156",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35156"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
              },
              {
                "name": "37460",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37460"
              },
              {
                "name": "GLSA-200911-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
              },
              {
                "name": "RHSA-2009:1038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
              },
              {
                "name": "RHSA-2009:1198",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
              },
              {
                "name": "HPSBUX02429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
              },
              {
                "name": "RHSA-2009:0394",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
              },
              {
                "name": "34495",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34495"
              },
              {
                "name": "36185",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36185"
              },
              {
                "name": "35255",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35255"
              },
              {
                "name": "ADV-2009-1426",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1426"
              },
              {
                "name": "SUSE-SR:2009:011",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
              },
              {
                "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
              },
              {
                "name": "RHSA-2009:0392",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
              },
              {
                "name": "34240",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34240"
              },
              {
                "name": "34496",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34496"
              },
              {
                "name": "1021920",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021920"
              },
              {
                "name": "HPSBMA02429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
              },
              {
                "name": "254611",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
              },
              {
                "name": "35416",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35416"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
              },
              {
                "name": "37386",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37386"
              },
              {
                "name": "SUSE-SA:2009:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
              },
              {
                "name": "ADV-2009-3316",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3316"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a \"Swing JLabel HTML parsing vulnerability,\" aka CR 6782871."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SA:2009:036",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-14-1"
            },
            {
              "name": "jre-plugin-signedapplet-unauth-access(49460)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49460"
            },
            {
              "name": "oval:org.mitre.oval:def:6585",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6585"
            },
            {
              "name": "SSRT090058",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "35156",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35156"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
            },
            {
              "name": "37460",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37460"
            },
            {
              "name": "GLSA-200911-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
            },
            {
              "name": "RHSA-2009:1038",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
            },
            {
              "name": "RHSA-2009:1198",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "HPSBUX02429",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
            },
            {
              "name": "RHSA-2009:0394",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
            },
            {
              "name": "34495",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34495"
            },
            {
              "name": "36185",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36185"
            },
            {
              "name": "35255",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35255"
            },
            {
              "name": "ADV-2009-1426",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1426"
            },
            {
              "name": "SUSE-SR:2009:011",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "RHSA-2009:0392",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
            },
            {
              "name": "34240",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34240"
            },
            {
              "name": "34496",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34496"
            },
            {
              "name": "1021920",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021920"
            },
            {
              "name": "HPSBMA02429",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "254611",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
            },
            {
              "name": "35416",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35416"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
            },
            {
              "name": "37386",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37386"
            },
            {
              "name": "SUSE-SA:2009:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
            },
            {
              "name": "ADV-2009-3316",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1107",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a \"Swing JLabel HTML parsing vulnerability,\" aka CR 6782871."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SA:2009:036",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
                },
                {
                  "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-14-1",
                  "refsource": "MISC",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-14-1"
                },
                {
                  "name": "jre-plugin-signedapplet-unauth-access(49460)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49460"
                },
                {
                  "name": "oval:org.mitre.oval:def:6585",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6585"
                },
                {
                  "name": "SSRT090058",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
                },
                {
                  "name": "35156",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35156"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
                },
                {
                  "name": "37460",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37460"
                },
                {
                  "name": "GLSA-200911-02",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
                },
                {
                  "name": "RHSA-2009:1038",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
                },
                {
                  "name": "RHSA-2009:1198",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
                },
                {
                  "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
                },
                {
                  "name": "HPSBUX02429",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
                },
                {
                  "name": "RHSA-2009:0394",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
                },
                {
                  "name": "34495",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34495"
                },
                {
                  "name": "36185",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36185"
                },
                {
                  "name": "35255",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35255"
                },
                {
                  "name": "ADV-2009-1426",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1426"
                },
                {
                  "name": "SUSE-SR:2009:011",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
                },
                {
                  "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
                },
                {
                  "name": "RHSA-2009:0392",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
                },
                {
                  "name": "34240",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34240"
                },
                {
                  "name": "34496",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34496"
                },
                {
                  "name": "1021920",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021920"
                },
                {
                  "name": "HPSBMA02429",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
                },
                {
                  "name": "254611",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
                },
                {
                  "name": "35416",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35416"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
                },
                {
                  "name": "37386",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37386"
                },
                {
                  "name": "SUSE-SA:2009:016",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
                },
                {
                  "name": "ADV-2009-3316",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3316"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1107",
        "datePublished": "2009-03-25T23:00:00.000Z",
        "dateReserved": "2009-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:04:48.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1105 (GCVE-0-2009-1105)

    Vulnerability from nvd – Published: 2009-03-25 23:00 – Updated: 2024-08-07 05:04
    VLAI
    Summary
    The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://secunia.com/advisories/35156 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/39819 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/37460 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200911-02.xml vendor-advisoryx_refsource_GENTOO
    http://www.redhat.com/support/errata/RHSA-2009-10… vendor-advisoryx_refsource_REDHAT
    https://rhn.redhat.com/errata/RHSA-2009-1198.html vendor-advisoryx_refsource_REDHAT
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=124344236532162&w=2 vendor-advisoryx_refsource_HP
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/36185 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/35255 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/1426 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/507985/100… mailing-listx_refsource_BUGTRAQ
    http://www.redhat.com/support/errata/RHSA-2009-03… vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/34240 vdb-entryx_refsource_BID
    http://secunia.com/advisories/34496 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1021920 vdb-entryx_refsource_SECTRACK
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://support.apple.com/kb/HT4171 x_refsource_CONFIRM
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/37386 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.vupen.com/english/advisories/2010/1191 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2009/3316 vdb-entryx_refsource_VUPEN
    Date Public
    2009-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:04:48.455Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SA:2009:036",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
              },
              {
                "name": "APPLE-SA-2010-05-18-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
              },
              {
                "name": "SSRT090058",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
              },
              {
                "name": "35156",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35156"
              },
              {
                "name": "39819",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/39819"
              },
              {
                "name": "37460",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37460"
              },
              {
                "name": "GLSA-200911-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
              },
              {
                "name": "RHSA-2009:1038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
              },
              {
                "name": "RHSA-2009:1198",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
              },
              {
                "name": "HPSBUX02429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
              },
              {
                "name": "oval:org.mitre.oval:def:6642",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6642"
              },
              {
                "name": "36185",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36185"
              },
              {
                "name": "35255",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35255"
              },
              {
                "name": "ADV-2009-1426",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1426"
              },
              {
                "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
              },
              {
                "name": "RHSA-2009:0392",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
              },
              {
                "name": "34240",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34240"
              },
              {
                "name": "34496",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34496"
              },
              {
                "name": "1021920",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021920"
              },
              {
                "name": "HPSBMA02429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
              },
              {
                "name": "254611",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT4171"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
              },
              {
                "name": "jre-plugin-weak-security(49458)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49458"
              },
              {
                "name": "37386",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37386"
              },
              {
                "name": "SUSE-SA:2009:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
              },
              {
                "name": "ADV-2010-1191",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/1191"
              },
              {
                "name": "ADV-2009-3316",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3316"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SA:2009:036",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
            },
            {
              "name": "APPLE-SA-2010-05-18-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
            },
            {
              "name": "SSRT090058",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "35156",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35156"
            },
            {
              "name": "39819",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/39819"
            },
            {
              "name": "37460",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37460"
            },
            {
              "name": "GLSA-200911-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
            },
            {
              "name": "RHSA-2009:1038",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
            },
            {
              "name": "RHSA-2009:1198",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "HPSBUX02429",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:6642",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6642"
            },
            {
              "name": "36185",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36185"
            },
            {
              "name": "35255",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35255"
            },
            {
              "name": "ADV-2009-1426",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1426"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "RHSA-2009:0392",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
            },
            {
              "name": "34240",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34240"
            },
            {
              "name": "34496",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34496"
            },
            {
              "name": "1021920",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021920"
            },
            {
              "name": "HPSBMA02429",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "254611",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT4171"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
            },
            {
              "name": "jre-plugin-weak-security(49458)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49458"
            },
            {
              "name": "37386",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37386"
            },
            {
              "name": "SUSE-SA:2009:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
            },
            {
              "name": "ADV-2010-1191",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/1191"
            },
            {
              "name": "ADV-2009-3316",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1105",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SA:2009:036",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
                },
                {
                  "name": "APPLE-SA-2010-05-18-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
                },
                {
                  "name": "SSRT090058",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
                },
                {
                  "name": "35156",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35156"
                },
                {
                  "name": "39819",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/39819"
                },
                {
                  "name": "37460",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37460"
                },
                {
                  "name": "GLSA-200911-02",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
                },
                {
                  "name": "RHSA-2009:1038",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
                },
                {
                  "name": "RHSA-2009:1198",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
                },
                {
                  "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
                },
                {
                  "name": "HPSBUX02429",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
                },
                {
                  "name": "oval:org.mitre.oval:def:6642",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6642"
                },
                {
                  "name": "36185",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36185"
                },
                {
                  "name": "35255",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35255"
                },
                {
                  "name": "ADV-2009-1426",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1426"
                },
                {
                  "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
                },
                {
                  "name": "RHSA-2009:0392",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
                },
                {
                  "name": "34240",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34240"
                },
                {
                  "name": "34496",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34496"
                },
                {
                  "name": "1021920",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021920"
                },
                {
                  "name": "HPSBMA02429",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
                },
                {
                  "name": "254611",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
                },
                {
                  "name": "http://support.apple.com/kb/HT4171",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT4171"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
                },
                {
                  "name": "jre-plugin-weak-security(49458)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49458"
                },
                {
                  "name": "37386",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37386"
                },
                {
                  "name": "SUSE-SA:2009:016",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
                },
                {
                  "name": "ADV-2010-1191",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/1191"
                },
                {
                  "name": "ADV-2009-3316",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3316"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1105",
        "datePublished": "2009-03-25T23:00:00.000Z",
        "dateReserved": "2009-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:04:48.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1104 (GCVE-0-2009-1104)

    Vulnerability from nvd – Published: 2009-03-25 23:00 – Updated: 2024-08-07 04:57
    VLAI
    Summary
    The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://secunia.com/advisories/35156 third-party-advisoryx_refsource_SECUNIA
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://secunia.com/advisories/37460 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://security.gentoo.org/glsa/glsa-200911-02.xml vendor-advisoryx_refsource_GENTOO
    http://www.redhat.com/support/errata/RHSA-2009-10… vendor-advisoryx_refsource_REDHAT
    https://rhn.redhat.com/errata/RHSA-2009-1198.html vendor-advisoryx_refsource_REDHAT
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=124344236532162&w=2 vendor-advisoryx_refsource_HP
    http://www.redhat.com/support/errata/RHSA-2009-03… vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/34495 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/36185 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/35255 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/1426 vdb-entryx_refsource_VUPEN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/507985/100… mailing-listx_refsource_BUGTRAQ
    http://www.redhat.com/support/errata/RHSA-2009-03… vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/34240 vdb-entryx_refsource_BID
    http://secunia.com/advisories/34496 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1021920 vdb-entryx_refsource_SECTRACK
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://secunia.com/advisories/35416 third-party-advisoryx_refsource_SECUNIA
    http://sunsolve.sun.com/search/document.do?assetk… x_refsource_MISC
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://secunia.com/advisories/37386 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.vupen.com/english/advisories/2009/3316 vdb-entryx_refsource_VUPEN
    Date Public
    2009-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:57:17.936Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SA:2009:036",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
              },
              {
                "name": "SSRT090058",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
              },
              {
                "name": "35156",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35156"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
              },
              {
                "name": "37460",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37460"
              },
              {
                "name": "jre-plugin-javascriptcode-unauthorized-access(49457)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49457"
              },
              {
                "name": "GLSA-200911-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
              },
              {
                "name": "RHSA-2009:1038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
              },
              {
                "name": "RHSA-2009:1198",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
              },
              {
                "name": "HPSBUX02429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
              },
              {
                "name": "RHSA-2009:0394",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
              },
              {
                "name": "34495",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34495"
              },
              {
                "name": "36185",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36185"
              },
              {
                "name": "35255",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35255"
              },
              {
                "name": "ADV-2009-1426",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1426"
              },
              {
                "name": "SUSE-SR:2009:011",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
              },
              {
                "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
              },
              {
                "name": "RHSA-2009:0392",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
              },
              {
                "name": "34240",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34240"
              },
              {
                "name": "34496",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34496"
              },
              {
                "name": "1021920",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021920"
              },
              {
                "name": "HPSBMA02429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
              },
              {
                "name": "254611",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
              },
              {
                "name": "35416",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35416"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
              },
              {
                "name": "37386",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37386"
              },
              {
                "name": "oval:org.mitre.oval:def:6584",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6584"
              },
              {
                "name": "SUSE-SA:2009:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
              },
              {
                "name": "ADV-2009-3316",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3316"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331.  NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SA:2009:036",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
            },
            {
              "name": "SSRT090058",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "35156",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35156"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
            },
            {
              "name": "37460",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37460"
            },
            {
              "name": "jre-plugin-javascriptcode-unauthorized-access(49457)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49457"
            },
            {
              "name": "GLSA-200911-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
            },
            {
              "name": "RHSA-2009:1038",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
            },
            {
              "name": "RHSA-2009:1198",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "HPSBUX02429",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
            },
            {
              "name": "RHSA-2009:0394",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
            },
            {
              "name": "34495",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34495"
            },
            {
              "name": "36185",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36185"
            },
            {
              "name": "35255",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35255"
            },
            {
              "name": "ADV-2009-1426",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1426"
            },
            {
              "name": "SUSE-SR:2009:011",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "RHSA-2009:0392",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
            },
            {
              "name": "34240",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34240"
            },
            {
              "name": "34496",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34496"
            },
            {
              "name": "1021920",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021920"
            },
            {
              "name": "HPSBMA02429",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "254611",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
            },
            {
              "name": "35416",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35416"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
            },
            {
              "name": "37386",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37386"
            },
            {
              "name": "oval:org.mitre.oval:def:6584",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6584"
            },
            {
              "name": "SUSE-SA:2009:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
            },
            {
              "name": "ADV-2009-3316",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1104",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331.  NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SA:2009:036",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
                },
                {
                  "name": "SSRT090058",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
                },
                {
                  "name": "35156",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35156"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
                },
                {
                  "name": "37460",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37460"
                },
                {
                  "name": "jre-plugin-javascriptcode-unauthorized-access(49457)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49457"
                },
                {
                  "name": "GLSA-200911-02",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
                },
                {
                  "name": "RHSA-2009:1038",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
                },
                {
                  "name": "RHSA-2009:1198",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
                },
                {
                  "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
                },
                {
                  "name": "HPSBUX02429",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
                },
                {
                  "name": "RHSA-2009:0394",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
                },
                {
                  "name": "34495",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34495"
                },
                {
                  "name": "36185",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36185"
                },
                {
                  "name": "35255",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35255"
                },
                {
                  "name": "ADV-2009-1426",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1426"
                },
                {
                  "name": "SUSE-SR:2009:011",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
                },
                {
                  "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
                },
                {
                  "name": "RHSA-2009:0392",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
                },
                {
                  "name": "34240",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34240"
                },
                {
                  "name": "34496",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34496"
                },
                {
                  "name": "1021920",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021920"
                },
                {
                  "name": "HPSBMA02429",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
                },
                {
                  "name": "254611",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
                },
                {
                  "name": "35416",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35416"
                },
                {
                  "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1",
                  "refsource": "MISC",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
                },
                {
                  "name": "37386",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37386"
                },
                {
                  "name": "oval:org.mitre.oval:def:6584",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6584"
                },
                {
                  "name": "SUSE-SA:2009:016",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
                },
                {
                  "name": "ADV-2009-3316",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3316"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1104",
        "datePublished": "2009-03-25T23:00:00.000Z",
        "dateReserved": "2009-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:57:17.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1103 (GCVE-0-2009-1103)

    Vulnerability from nvd – Published: 2009-03-25 23:00 – Updated: 2024-08-07 04:57
    VLAI
    Summary
    Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://secunia.com/advisories/35156 third-party-advisoryx_refsource_SECUNIA
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://secunia.com/advisories/37460 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200911-02.xml vendor-advisoryx_refsource_GENTOO
    http://www.redhat.com/support/errata/RHSA-2009-10… vendor-advisoryx_refsource_REDHAT
    https://rhn.redhat.com/errata/RHSA-2009-1198.html vendor-advisoryx_refsource_REDHAT
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=124344236532162&w=2 vendor-advisoryx_refsource_HP
    http://www.redhat.com/support/errata/RHSA-2009-03… vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/34495 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/36185 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/35255 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/1426 vdb-entryx_refsource_VUPEN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/507985/100… mailing-listx_refsource_BUGTRAQ
    http://www.redhat.com/support/errata/RHSA-2009-03… vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/34240 vdb-entryx_refsource_BID
    http://secunia.com/advisories/34496 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1021920 vdb-entryx_refsource_SECTRACK
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/35416 third-party-advisoryx_refsource_SECUNIA
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://secunia.com/advisories/37386 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.vupen.com/english/advisories/2009/3316 vdb-entryx_refsource_VUPEN
    Date Public
    2009-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:57:17.805Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SA:2009:036",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
              },
              {
                "name": "SSRT090058",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
              },
              {
                "name": "35156",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35156"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
              },
              {
                "name": "37460",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37460"
              },
              {
                "name": "GLSA-200911-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
              },
              {
                "name": "RHSA-2009:1038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
              },
              {
                "name": "RHSA-2009:1198",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
              },
              {
                "name": "HPSBUX02429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
              },
              {
                "name": "RHSA-2009:0394",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
              },
              {
                "name": "34495",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34495"
              },
              {
                "name": "36185",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36185"
              },
              {
                "name": "oval:org.mitre.oval:def:6542",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6542"
              },
              {
                "name": "35255",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35255"
              },
              {
                "name": "ADV-2009-1426",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1426"
              },
              {
                "name": "SUSE-SR:2009:011",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
              },
              {
                "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
              },
              {
                "name": "RHSA-2009:0392",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
              },
              {
                "name": "34240",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34240"
              },
              {
                "name": "34496",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34496"
              },
              {
                "name": "1021920",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021920"
              },
              {
                "name": "HPSBMA02429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
              },
              {
                "name": "254611",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
              },
              {
                "name": "jre-javaplugin-privilege-escalation(49456)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49456"
              },
              {
                "name": "35416",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35416"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
              },
              {
                "name": "37386",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37386"
              },
              {
                "name": "SUSE-SA:2009:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
              },
              {
                "name": "ADV-2009-3316",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3316"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"deserializing applets,\" aka CR 6646860."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SA:2009:036",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
            },
            {
              "name": "SSRT090058",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "35156",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35156"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
            },
            {
              "name": "37460",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37460"
            },
            {
              "name": "GLSA-200911-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
            },
            {
              "name": "RHSA-2009:1038",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
            },
            {
              "name": "RHSA-2009:1198",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "HPSBUX02429",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
            },
            {
              "name": "RHSA-2009:0394",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
            },
            {
              "name": "34495",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34495"
            },
            {
              "name": "36185",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36185"
            },
            {
              "name": "oval:org.mitre.oval:def:6542",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6542"
            },
            {
              "name": "35255",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35255"
            },
            {
              "name": "ADV-2009-1426",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1426"
            },
            {
              "name": "SUSE-SR:2009:011",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "RHSA-2009:0392",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
            },
            {
              "name": "34240",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34240"
            },
            {
              "name": "34496",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34496"
            },
            {
              "name": "1021920",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021920"
            },
            {
              "name": "HPSBMA02429",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "254611",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
            },
            {
              "name": "jre-javaplugin-privilege-escalation(49456)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49456"
            },
            {
              "name": "35416",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35416"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
            },
            {
              "name": "37386",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37386"
            },
            {
              "name": "SUSE-SA:2009:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
            },
            {
              "name": "ADV-2009-3316",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1103",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"deserializing applets,\" aka CR 6646860."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SA:2009:036",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
                },
                {
                  "name": "SSRT090058",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
                },
                {
                  "name": "35156",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35156"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
                },
                {
                  "name": "37460",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37460"
                },
                {
                  "name": "GLSA-200911-02",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
                },
                {
                  "name": "RHSA-2009:1038",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
                },
                {
                  "name": "RHSA-2009:1198",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
                },
                {
                  "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
                },
                {
                  "name": "HPSBUX02429",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
                },
                {
                  "name": "RHSA-2009:0394",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
                },
                {
                  "name": "34495",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34495"
                },
                {
                  "name": "36185",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36185"
                },
                {
                  "name": "oval:org.mitre.oval:def:6542",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6542"
                },
                {
                  "name": "35255",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35255"
                },
                {
                  "name": "ADV-2009-1426",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1426"
                },
                {
                  "name": "SUSE-SR:2009:011",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
                },
                {
                  "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
                },
                {
                  "name": "RHSA-2009:0392",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
                },
                {
                  "name": "34240",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34240"
                },
                {
                  "name": "34496",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34496"
                },
                {
                  "name": "1021920",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021920"
                },
                {
                  "name": "HPSBMA02429",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
                },
                {
                  "name": "254611",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
                },
                {
                  "name": "jre-javaplugin-privilege-escalation(49456)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49456"
                },
                {
                  "name": "35416",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35416"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
                },
                {
                  "name": "37386",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37386"
                },
                {
                  "name": "SUSE-SA:2009:016",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
                },
                {
                  "name": "ADV-2009-3316",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3316"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1103",
        "datePublished": "2009-03-25T23:00:00.000Z",
        "dateReserved": "2009-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:57:17.805Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1102 (GCVE-0-2009-1102)

    Vulnerability from nvd – Published: 2009-03-25 23:00 – Updated: 2024-08-07 04:57
    VLAI
    Summary
    Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/34632 third-party-advisoryx_refsource_SECUNIA
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/37460 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/34489 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200911-02.xml vendor-advisoryx_refsource_GENTOO
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=124344236532162&w=2 vendor-advisoryx_refsource_HP
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    https://rhn.redhat.com/errata/RHSA-2009-0377.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/35255 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/1426 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1021919 vdb-entryx_refsource_SECTRACK
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.securityfocus.com/archive/1/507985/100… mailing-listx_refsource_BUGTRAQ
    http://www.redhat.com/support/errata/RHSA-2009-03… vendor-advisoryx_refsource_REDHAT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/35223 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/34240 vdb-entryx_refsource_BID
    http://secunia.com/advisories/34496 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/usn-748-1 vendor-advisoryx_refsource_UBUNTU
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://secunia.com/advisories/37386 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.vupen.com/english/advisories/2009/3316 vdb-entryx_refsource_VUPEN
    Date Public
    2009-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:57:17.922Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:6722",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6722"
              },
              {
                "name": "MDVSA-2009:137",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
              },
              {
                "name": "34632",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34632"
              },
              {
                "name": "SSRT090058",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
              },
              {
                "name": "SUSE-SA:2009:029",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
              },
              {
                "name": "37460",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37460"
              },
              {
                "name": "34489",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34489"
              },
              {
                "name": "GLSA-200911-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
              },
              {
                "name": "HPSBUX02429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
              },
              {
                "name": "254610",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1"
              },
              {
                "name": "RHSA-2009:0377",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
              },
              {
                "name": "35255",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35255"
              },
              {
                "name": "ADV-2009-1426",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1426"
              },
              {
                "name": "1021919",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021919"
              },
              {
                "name": "MDVSA-2009:162",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
              },
              {
                "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
              },
              {
                "name": "RHSA-2009:0392",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
              },
              {
                "name": "oval:org.mitre.oval:def:10300",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10300"
              },
              {
                "name": "35223",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35223"
              },
              {
                "name": "34240",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34240"
              },
              {
                "name": "34496",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34496"
              },
              {
                "name": "HPSBMA02429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
              },
              {
                "name": "USN-748-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-748-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
              },
              {
                "name": "37386",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37386"
              },
              {
                "name": "SUSE-SA:2009:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
              },
              {
                "name": "ADV-2009-3316",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3316"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"code generation.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:6722",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6722"
            },
            {
              "name": "MDVSA-2009:137",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
            },
            {
              "name": "34632",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34632"
            },
            {
              "name": "SSRT090058",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "SUSE-SA:2009:029",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
            },
            {
              "name": "37460",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37460"
            },
            {
              "name": "34489",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34489"
            },
            {
              "name": "GLSA-200911-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "HPSBUX02429",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
            },
            {
              "name": "254610",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1"
            },
            {
              "name": "RHSA-2009:0377",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
            },
            {
              "name": "35255",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35255"
            },
            {
              "name": "ADV-2009-1426",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1426"
            },
            {
              "name": "1021919",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021919"
            },
            {
              "name": "MDVSA-2009:162",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "RHSA-2009:0392",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10300",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10300"
            },
            {
              "name": "35223",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35223"
            },
            {
              "name": "34240",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34240"
            },
            {
              "name": "34496",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34496"
            },
            {
              "name": "HPSBMA02429",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "USN-748-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-748-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
            },
            {
              "name": "37386",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37386"
            },
            {
              "name": "SUSE-SA:2009:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
            },
            {
              "name": "ADV-2009-3316",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1102",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"code generation.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:6722",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6722"
                },
                {
                  "name": "MDVSA-2009:137",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
                },
                {
                  "name": "34632",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34632"
                },
                {
                  "name": "SSRT090058",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
                },
                {
                  "name": "SUSE-SA:2009:029",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
                },
                {
                  "name": "37460",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37460"
                },
                {
                  "name": "34489",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34489"
                },
                {
                  "name": "GLSA-200911-02",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
                },
                {
                  "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
                },
                {
                  "name": "HPSBUX02429",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
                },
                {
                  "name": "254610",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1"
                },
                {
                  "name": "RHSA-2009:0377",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
                },
                {
                  "name": "35255",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35255"
                },
                {
                  "name": "ADV-2009-1426",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1426"
                },
                {
                  "name": "1021919",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021919"
                },
                {
                  "name": "MDVSA-2009:162",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
                },
                {
                  "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
                },
                {
                  "name": "RHSA-2009:0392",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:10300",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10300"
                },
                {
                  "name": "35223",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35223"
                },
                {
                  "name": "34240",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34240"
                },
                {
                  "name": "34496",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34496"
                },
                {
                  "name": "HPSBMA02429",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
                },
                {
                  "name": "USN-748-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-748-1"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
                },
                {
                  "name": "37386",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37386"
                },
                {
                  "name": "SUSE-SA:2009:016",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
                },
                {
                  "name": "ADV-2009-3316",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3316"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1102",
        "datePublished": "2009-03-25T23:00:00.000Z",
        "dateReserved": "2009-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:57:17.922Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3440 (GCVE-0-2008-3440)

    Vulnerability from nvd – Published: 2008-08-01 14:00 – Updated: 2024-08-07 09:37
    VLAI
    Summary
    Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-07-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:37:26.974Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
              },
              {
                "name": "1020584",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020584"
              },
              {
                "name": "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-08-22T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
            },
            {
              "name": "1020584",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020584"
            },
            {
              "name": "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3440",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf",
                  "refsource": "MISC",
                  "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
                },
                {
                  "name": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz",
                  "refsource": "MISC",
                  "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
                },
                {
                  "name": "1020584",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020584"
                },
                {
                  "name": "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3440",
        "datePublished": "2008-08-01T14:00:00.000Z",
        "dateReserved": "2008-08-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:37:26.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-2738 (GCVE-0-2005-2738)

    Vulnerability from nvd – Published: 2006-08-05 01:00 – Updated: 2024-08-07 22:45
    VLAI
    Summary
    Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ciac.org/ciac/bulletins/p-306.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://www.vupen.com/english/advisories/2005/1734 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/16808 third-party-advisoryx_refsource_SECUNIA
    http://docs.info.apple.com/article.html?artnum=302265 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/19397 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/14827 vdb-entryx_refsource_BID
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    Date Public
    2005-09-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:45:02.149Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "P-306",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
              },
              {
                "name": "ADV-2005-1734",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/1734"
              },
              {
                "name": "16808",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16808"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=302265"
              },
              {
                "name": "macos-serversocket-obtain-information(22269)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22269"
              },
              {
                "name": "19397",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/19397"
              },
              {
                "name": "14827",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/14827"
              },
              {
                "name": "APPLE-SA-2005-09-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-09-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "P-306",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
            },
            {
              "name": "ADV-2005-1734",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/1734"
            },
            {
              "name": "16808",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16808"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=302265"
            },
            {
              "name": "macos-serversocket-obtain-information(22269)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22269"
            },
            {
              "name": "19397",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/19397"
            },
            {
              "name": "14827",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/14827"
            },
            {
              "name": "APPLE-SA-2005-09-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-2738",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "P-306",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
                },
                {
                  "name": "ADV-2005-1734",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/1734"
                },
                {
                  "name": "16808",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/16808"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=302265",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=302265"
                },
                {
                  "name": "macos-serversocket-obtain-information(22269)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22269"
                },
                {
                  "name": "19397",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/19397"
                },
                {
                  "name": "14827",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/14827"
                },
                {
                  "name": "APPLE-SA-2005-09-13",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-2738",
        "datePublished": "2006-08-05T01:00:00.000Z",
        "dateReserved": "2005-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:45:02.149Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-2530 (GCVE-0-2005-2530)

    Vulnerability from nvd – Published: 2006-08-05 01:00 – Updated: 2024-08-07 22:30
    VLAI
    Summary
    Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ciac.org/ciac/bulletins/p-306.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://www.securityfocus.com/bid/14826 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2005/1734 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/16808 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://docs.info.apple.com/article.html?artnum=302265 x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    Date Public
    2005-09-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:30:00.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "P-306",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
              },
              {
                "name": "14826",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/14826"
              },
              {
                "name": "ADV-2005-1734",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/1734"
              },
              {
                "name": "16808",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16808"
              },
              {
                "name": "macos-untrusted-applet-gain-privileges(22265)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22265"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=302265"
              },
              {
                "name": "APPLE-SA-2005-09-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-09-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to \"Mac OS X specific extensions.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "P-306",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
            },
            {
              "name": "14826",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/14826"
            },
            {
              "name": "ADV-2005-1734",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/1734"
            },
            {
              "name": "16808",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16808"
            },
            {
              "name": "macos-untrusted-applet-gain-privileges(22265)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22265"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=302265"
            },
            {
              "name": "APPLE-SA-2005-09-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-2530",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to \"Mac OS X specific extensions.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "P-306",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
                },
                {
                  "name": "14826",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/14826"
                },
                {
                  "name": "ADV-2005-1734",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/1734"
                },
                {
                  "name": "16808",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/16808"
                },
                {
                  "name": "macos-untrusted-applet-gain-privileges(22265)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22265"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=302265",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=302265"
                },
                {
                  "name": "APPLE-SA-2005-09-13",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-2530",
        "datePublished": "2006-08-05T01:00:00.000Z",
        "dateReserved": "2005-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:30:00.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-2529 (GCVE-0-2005-2529)

    Vulnerability from nvd – Published: 2006-08-05 01:00 – Updated: 2024-08-07 22:30
    VLAI
    Summary
    Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to "the utility used to update Java shared archives."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ciac.org/ciac/bulletins/p-306.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://docs.info.apple.com/article.html?artnum=302266 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2005/1734 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://lists.apple.com/archives/Security-announce… vendor-advisoryx_refsource_APPLE
    http://secunia.com/advisories/16808 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2005-09-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:30:01.786Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "P-306",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=302266"
              },
              {
                "name": "ADV-2005-1734",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/1734"
              },
              {
                "name": "macos-archive-utility-gain-privileges(22264)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22264"
              },
              {
                "name": "APPLE-SA-2005-09-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/Security-announce/2005/Sep/msg00000.html"
              },
              {
                "name": "16808",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16808"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-09-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to \"the utility used to update Java shared archives.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "P-306",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=302266"
            },
            {
              "name": "ADV-2005-1734",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/1734"
            },
            {
              "name": "macos-archive-utility-gain-privileges(22264)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22264"
            },
            {
              "name": "APPLE-SA-2005-09-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/Security-announce/2005/Sep/msg00000.html"
            },
            {
              "name": "16808",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16808"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-2529",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to \"the utility used to update Java shared archives.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "P-306",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=302266",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=302266"
                },
                {
                  "name": "ADV-2005-1734",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/1734"
                },
                {
                  "name": "macos-archive-utility-gain-privileges(22264)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22264"
                },
                {
                  "name": "APPLE-SA-2005-09-13",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/Security-announce/2005/Sep/msg00000.html"
                },
                {
                  "name": "16808",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/16808"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-2529",
        "datePublished": "2006-08-05T01:00:00.000Z",
        "dateReserved": "2005-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:30:01.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-2527 (GCVE-0-2005-2527)

    Vulnerability from nvd – Published: 2006-08-05 01:00 – Updated: 2024-08-07 22:30
    VLAI
    Summary
    Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ciac.org/ciac/bulletins/p-306.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://docs.info.apple.com/article.html?artnum=302266 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2005/1734 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/16808 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/14825 vdb-entryx_refsource_BID
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    Date Public
    2005-09-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:30:01.393Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "P-306",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=302266"
              },
              {
                "name": "ADV-2005-1734",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/1734"
              },
              {
                "name": "macos-temp-file-race-condition(22262)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22262"
              },
              {
                "name": "16808",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16808"
              },
              {
                "name": "14825",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/14825"
              },
              {
                "name": "APPLE-SA-2005-09-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-09-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "P-306",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=302266"
            },
            {
              "name": "ADV-2005-1734",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/1734"
            },
            {
              "name": "macos-temp-file-race-condition(22262)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22262"
            },
            {
              "name": "16808",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16808"
            },
            {
              "name": "14825",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/14825"
            },
            {
              "name": "APPLE-SA-2005-09-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-2527",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "P-306",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=302266",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=302266"
                },
                {
                  "name": "ADV-2005-1734",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/1734"
                },
                {
                  "name": "macos-temp-file-race-condition(22262)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22262"
                },
                {
                  "name": "16808",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/16808"
                },
                {
                  "name": "14825",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/14825"
                },
                {
                  "name": "APPLE-SA-2005-09-13",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-2527",
        "datePublished": "2006-08-05T01:00:00.000Z",
        "dateReserved": "2005-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:30:01.393Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-1134 (GCVE-0-2003-1134)

    Vulnerability from nvd – Published: 2005-05-10 04:00 – Updated: 2024-09-17 02:36
    VLAI
    Summary
    Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/8892 vdb-entryx_refsource_BID
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:19:44.700Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "8892",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/8892"
              },
              {
                "name": "20031026 Java 1.4.2_02 InsecurityManager JVM crash",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012773.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-05-10T04:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "8892",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/8892"
            },
            {
              "name": "20031026 Java 1.4.2_02 InsecurityManager JVM crash",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012773.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-1134",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "8892",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/8892"
                },
                {
                  "name": "20031026 Java 1.4.2_02 InsecurityManager JVM crash",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012773.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-1134",
        "datePublished": "2005-05-10T04:00:00.000Z",
        "dateReserved": "2005-05-04T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:36:05.770Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-1999-0440 (GCVE-0-1999-0440)

    Vulnerability from nvd – Published: 2000-10-13 04:00 – Updated: 2024-08-01 16:41
    VLAI
    Summary
    The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/1939 vdb-entryx_refsource_BID
    http://java.sun.com/pr/1999/03/pr990329-01.html x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=92333596624452&w=2 mailing-listx_refsource_BUGTRAQ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T16:41:44.840Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1939",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/1939"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
              },
              {
                "name": "19990405 Security Hole in Java 2 (and JDK 1.1.x)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-11-02T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1939",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/1939"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
            },
            {
              "name": "19990405 Security Hole in Java 2 (and JDK 1.1.x)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-1999-0440",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1939",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/1939"
                },
                {
                  "name": "http://java.sun.com/pr/1999/03/pr990329-01.html",
                  "refsource": "CONFIRM",
                  "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
                },
                {
                  "name": "19990405 Security Hole in Java 2 (and JDK 1.1.x)",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-1999-0440",
        "datePublished": "2000-10-13T04:00:00.000Z",
        "dateReserved": "1999-06-07T00:00:00.000Z",
        "dateUpdated": "2024-08-01T16:41:44.840Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-1999-0142 (GCVE-0-1999-0142)

    Vulnerability from nvd – Published: 2000-06-02 04:00 – Updated: 2024-08-01 16:27
    VLAI
    Summary
    The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T16:27:57.727Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer\u0027s Kit 1.0 allows an applet to connect to arbitrary hosts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-17T06:46:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-1999-0142",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer\u0027s Kit 1.0 allows an applet to connect to arbitrary hosts."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-1999-0142",
        "datePublished": "2000-06-02T04:00:00.000Z",
        "dateReserved": "1999-06-07T00:00:00.000Z",
        "dateUpdated": "2024-08-01T16:27:57.727Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0887 (GCVE-0-2010-0887)

    Vulnerability from cvelistv5 – Published: 2010-04-20 19:00 – Updated: 2024-08-07 01:06
    VLAI
    Summary
    Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://marc.info/?l=bugtraq&m=134254866602253&w=2 vendor-advisoryx_refsource_HP
    http://secunia.com/advisories/39819 third-party-advisoryx_refsource_SECUNIA
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://support.apple.com/kb/HT4170 x_refsource_CONFIRM
    http://www.oracle.com/technology/deploy/security/… x_refsource_CONFIRM
    http://support.apple.com/kb/HT4171 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2010/1191 vdb-entryx_refsource_VUPEN
    Date Public
    2010-04-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:06:51.416Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "APPLE-SA-2010-05-18-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
              },
              {
                "name": "HPSBMU02799",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
              },
              {
                "name": "39819",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/39819"
              },
              {
                "name": "APPLE-SA-2010-05-18-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT4170"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT4171"
              },
              {
                "name": "ADV-2010-1191",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/1191"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-04-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-08-19T15:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "APPLE-SA-2010-05-18-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
            },
            {
              "name": "HPSBMU02799",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "39819",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/39819"
            },
            {
              "name": "APPLE-SA-2010-05-18-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT4170"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT4171"
            },
            {
              "name": "ADV-2010-1191",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/1191"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2010-0887",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "APPLE-SA-2010-05-18-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
                },
                {
                  "name": "HPSBMU02799",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
                },
                {
                  "name": "39819",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/39819"
                },
                {
                  "name": "APPLE-SA-2010-05-18-2",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
                },
                {
                  "name": "http://support.apple.com/kb/HT4170",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT4170"
                },
                {
                  "name": "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html"
                },
                {
                  "name": "http://support.apple.com/kb/HT4171",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT4171"
                },
                {
                  "name": "ADV-2010-1191",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/1191"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2010-0887",
        "datePublished": "2010-04-20T19:00:00.000Z",
        "dateReserved": "2010-03-03T00:00:00.000Z",
        "dateUpdated": "2024-08-07T01:06:51.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1102 (GCVE-0-2009-1102)

    Vulnerability from cvelistv5 – Published: 2009-03-25 23:00 – Updated: 2024-08-07 04:57
    VLAI
    Summary
    Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/34632 third-party-advisoryx_refsource_SECUNIA
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/37460 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/34489 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200911-02.xml vendor-advisoryx_refsource_GENTOO
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=124344236532162&w=2 vendor-advisoryx_refsource_HP
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    https://rhn.redhat.com/errata/RHSA-2009-0377.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/35255 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/1426 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1021919 vdb-entryx_refsource_SECTRACK
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.securityfocus.com/archive/1/507985/100… mailing-listx_refsource_BUGTRAQ
    http://www.redhat.com/support/errata/RHSA-2009-03… vendor-advisoryx_refsource_REDHAT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/35223 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/34240 vdb-entryx_refsource_BID
    http://secunia.com/advisories/34496 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/usn-748-1 vendor-advisoryx_refsource_UBUNTU
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://secunia.com/advisories/37386 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.vupen.com/english/advisories/2009/3316 vdb-entryx_refsource_VUPEN
    Date Public
    2009-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:57:17.922Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:6722",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6722"
              },
              {
                "name": "MDVSA-2009:137",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
              },
              {
                "name": "34632",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34632"
              },
              {
                "name": "SSRT090058",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
              },
              {
                "name": "SUSE-SA:2009:029",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
              },
              {
                "name": "37460",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37460"
              },
              {
                "name": "34489",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34489"
              },
              {
                "name": "GLSA-200911-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
              },
              {
                "name": "HPSBUX02429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
              },
              {
                "name": "254610",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1"
              },
              {
                "name": "RHSA-2009:0377",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
              },
              {
                "name": "35255",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35255"
              },
              {
                "name": "ADV-2009-1426",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1426"
              },
              {
                "name": "1021919",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021919"
              },
              {
                "name": "MDVSA-2009:162",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
              },
              {
                "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
              },
              {
                "name": "RHSA-2009:0392",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
              },
              {
                "name": "oval:org.mitre.oval:def:10300",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10300"
              },
              {
                "name": "35223",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35223"
              },
              {
                "name": "34240",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34240"
              },
              {
                "name": "34496",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34496"
              },
              {
                "name": "HPSBMA02429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
              },
              {
                "name": "USN-748-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-748-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
              },
              {
                "name": "37386",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37386"
              },
              {
                "name": "SUSE-SA:2009:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
              },
              {
                "name": "ADV-2009-3316",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3316"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"code generation.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:6722",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6722"
            },
            {
              "name": "MDVSA-2009:137",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
            },
            {
              "name": "34632",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34632"
            },
            {
              "name": "SSRT090058",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "SUSE-SA:2009:029",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
            },
            {
              "name": "37460",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37460"
            },
            {
              "name": "34489",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34489"
            },
            {
              "name": "GLSA-200911-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "HPSBUX02429",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
            },
            {
              "name": "254610",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1"
            },
            {
              "name": "RHSA-2009:0377",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
            },
            {
              "name": "35255",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35255"
            },
            {
              "name": "ADV-2009-1426",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1426"
            },
            {
              "name": "1021919",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021919"
            },
            {
              "name": "MDVSA-2009:162",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "RHSA-2009:0392",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10300",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10300"
            },
            {
              "name": "35223",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35223"
            },
            {
              "name": "34240",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34240"
            },
            {
              "name": "34496",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34496"
            },
            {
              "name": "HPSBMA02429",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "USN-748-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-748-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
            },
            {
              "name": "37386",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37386"
            },
            {
              "name": "SUSE-SA:2009:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
            },
            {
              "name": "ADV-2009-3316",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1102",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"code generation.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:6722",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6722"
                },
                {
                  "name": "MDVSA-2009:137",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
                },
                {
                  "name": "34632",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34632"
                },
                {
                  "name": "SSRT090058",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
                },
                {
                  "name": "SUSE-SA:2009:029",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
                },
                {
                  "name": "37460",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37460"
                },
                {
                  "name": "34489",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34489"
                },
                {
                  "name": "GLSA-200911-02",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
                },
                {
                  "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
                },
                {
                  "name": "HPSBUX02429",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
                },
                {
                  "name": "254610",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1"
                },
                {
                  "name": "RHSA-2009:0377",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
                },
                {
                  "name": "35255",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35255"
                },
                {
                  "name": "ADV-2009-1426",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1426"
                },
                {
                  "name": "1021919",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021919"
                },
                {
                  "name": "MDVSA-2009:162",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
                },
                {
                  "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
                },
                {
                  "name": "RHSA-2009:0392",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:10300",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10300"
                },
                {
                  "name": "35223",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35223"
                },
                {
                  "name": "34240",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34240"
                },
                {
                  "name": "34496",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34496"
                },
                {
                  "name": "HPSBMA02429",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
                },
                {
                  "name": "USN-748-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-748-1"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
                },
                {
                  "name": "37386",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37386"
                },
                {
                  "name": "SUSE-SA:2009:016",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
                },
                {
                  "name": "ADV-2009-3316",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3316"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1102",
        "datePublished": "2009-03-25T23:00:00.000Z",
        "dateReserved": "2009-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:57:17.922Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1105 (GCVE-0-2009-1105)

    Vulnerability from cvelistv5 – Published: 2009-03-25 23:00 – Updated: 2024-08-07 05:04
    VLAI
    Summary
    The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://secunia.com/advisories/35156 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/39819 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/37460 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200911-02.xml vendor-advisoryx_refsource_GENTOO
    http://www.redhat.com/support/errata/RHSA-2009-10… vendor-advisoryx_refsource_REDHAT
    https://rhn.redhat.com/errata/RHSA-2009-1198.html vendor-advisoryx_refsource_REDHAT
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=124344236532162&w=2 vendor-advisoryx_refsource_HP
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/36185 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/35255 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/1426 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/507985/100… mailing-listx_refsource_BUGTRAQ
    http://www.redhat.com/support/errata/RHSA-2009-03… vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/34240 vdb-entryx_refsource_BID
    http://secunia.com/advisories/34496 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1021920 vdb-entryx_refsource_SECTRACK
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://support.apple.com/kb/HT4171 x_refsource_CONFIRM
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/37386 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.vupen.com/english/advisories/2010/1191 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2009/3316 vdb-entryx_refsource_VUPEN
    Date Public
    2009-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:04:48.455Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SA:2009:036",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
              },
              {
                "name": "APPLE-SA-2010-05-18-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
              },
              {
                "name": "SSRT090058",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
              },
              {
                "name": "35156",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35156"
              },
              {
                "name": "39819",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/39819"
              },
              {
                "name": "37460",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37460"
              },
              {
                "name": "GLSA-200911-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
              },
              {
                "name": "RHSA-2009:1038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
              },
              {
                "name": "RHSA-2009:1198",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
              },
              {
                "name": "HPSBUX02429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
              },
              {
                "name": "oval:org.mitre.oval:def:6642",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6642"
              },
              {
                "name": "36185",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36185"
              },
              {
                "name": "35255",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35255"
              },
              {
                "name": "ADV-2009-1426",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1426"
              },
              {
                "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
              },
              {
                "name": "RHSA-2009:0392",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
              },
              {
                "name": "34240",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34240"
              },
              {
                "name": "34496",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34496"
              },
              {
                "name": "1021920",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021920"
              },
              {
                "name": "HPSBMA02429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
              },
              {
                "name": "254611",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.apple.com/kb/HT4171"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
              },
              {
                "name": "jre-plugin-weak-security(49458)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49458"
              },
              {
                "name": "37386",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37386"
              },
              {
                "name": "SUSE-SA:2009:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
              },
              {
                "name": "ADV-2010-1191",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/1191"
              },
              {
                "name": "ADV-2009-3316",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3316"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SA:2009:036",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
            },
            {
              "name": "APPLE-SA-2010-05-18-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
            },
            {
              "name": "SSRT090058",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "35156",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35156"
            },
            {
              "name": "39819",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/39819"
            },
            {
              "name": "37460",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37460"
            },
            {
              "name": "GLSA-200911-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
            },
            {
              "name": "RHSA-2009:1038",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
            },
            {
              "name": "RHSA-2009:1198",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "HPSBUX02429",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:6642",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6642"
            },
            {
              "name": "36185",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36185"
            },
            {
              "name": "35255",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35255"
            },
            {
              "name": "ADV-2009-1426",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1426"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "RHSA-2009:0392",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
            },
            {
              "name": "34240",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34240"
            },
            {
              "name": "34496",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34496"
            },
            {
              "name": "1021920",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021920"
            },
            {
              "name": "HPSBMA02429",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "254611",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.apple.com/kb/HT4171"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
            },
            {
              "name": "jre-plugin-weak-security(49458)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49458"
            },
            {
              "name": "37386",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37386"
            },
            {
              "name": "SUSE-SA:2009:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
            },
            {
              "name": "ADV-2010-1191",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/1191"
            },
            {
              "name": "ADV-2009-3316",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1105",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SA:2009:036",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
                },
                {
                  "name": "APPLE-SA-2010-05-18-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
                },
                {
                  "name": "SSRT090058",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
                },
                {
                  "name": "35156",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35156"
                },
                {
                  "name": "39819",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/39819"
                },
                {
                  "name": "37460",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37460"
                },
                {
                  "name": "GLSA-200911-02",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
                },
                {
                  "name": "RHSA-2009:1038",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
                },
                {
                  "name": "RHSA-2009:1198",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
                },
                {
                  "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
                },
                {
                  "name": "HPSBUX02429",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
                },
                {
                  "name": "oval:org.mitre.oval:def:6642",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6642"
                },
                {
                  "name": "36185",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36185"
                },
                {
                  "name": "35255",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35255"
                },
                {
                  "name": "ADV-2009-1426",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1426"
                },
                {
                  "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
                },
                {
                  "name": "RHSA-2009:0392",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
                },
                {
                  "name": "34240",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34240"
                },
                {
                  "name": "34496",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34496"
                },
                {
                  "name": "1021920",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021920"
                },
                {
                  "name": "HPSBMA02429",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
                },
                {
                  "name": "254611",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
                },
                {
                  "name": "http://support.apple.com/kb/HT4171",
                  "refsource": "CONFIRM",
                  "url": "http://support.apple.com/kb/HT4171"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
                },
                {
                  "name": "jre-plugin-weak-security(49458)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49458"
                },
                {
                  "name": "37386",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37386"
                },
                {
                  "name": "SUSE-SA:2009:016",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
                },
                {
                  "name": "ADV-2010-1191",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/1191"
                },
                {
                  "name": "ADV-2009-3316",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3316"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1105",
        "datePublished": "2009-03-25T23:00:00.000Z",
        "dateReserved": "2009-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:04:48.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1103 (GCVE-0-2009-1103)

    Vulnerability from cvelistv5 – Published: 2009-03-25 23:00 – Updated: 2024-08-07 04:57
    VLAI
    Summary
    Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://secunia.com/advisories/35156 third-party-advisoryx_refsource_SECUNIA
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://secunia.com/advisories/37460 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200911-02.xml vendor-advisoryx_refsource_GENTOO
    http://www.redhat.com/support/errata/RHSA-2009-10… vendor-advisoryx_refsource_REDHAT
    https://rhn.redhat.com/errata/RHSA-2009-1198.html vendor-advisoryx_refsource_REDHAT
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=124344236532162&w=2 vendor-advisoryx_refsource_HP
    http://www.redhat.com/support/errata/RHSA-2009-03… vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/34495 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/36185 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/35255 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/1426 vdb-entryx_refsource_VUPEN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/507985/100… mailing-listx_refsource_BUGTRAQ
    http://www.redhat.com/support/errata/RHSA-2009-03… vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/34240 vdb-entryx_refsource_BID
    http://secunia.com/advisories/34496 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1021920 vdb-entryx_refsource_SECTRACK
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/35416 third-party-advisoryx_refsource_SECUNIA
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://secunia.com/advisories/37386 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.vupen.com/english/advisories/2009/3316 vdb-entryx_refsource_VUPEN
    Date Public
    2009-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:57:17.805Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SA:2009:036",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
              },
              {
                "name": "SSRT090058",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
              },
              {
                "name": "35156",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35156"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
              },
              {
                "name": "37460",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37460"
              },
              {
                "name": "GLSA-200911-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
              },
              {
                "name": "RHSA-2009:1038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
              },
              {
                "name": "RHSA-2009:1198",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
              },
              {
                "name": "HPSBUX02429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
              },
              {
                "name": "RHSA-2009:0394",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
              },
              {
                "name": "34495",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34495"
              },
              {
                "name": "36185",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36185"
              },
              {
                "name": "oval:org.mitre.oval:def:6542",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6542"
              },
              {
                "name": "35255",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35255"
              },
              {
                "name": "ADV-2009-1426",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1426"
              },
              {
                "name": "SUSE-SR:2009:011",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
              },
              {
                "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
              },
              {
                "name": "RHSA-2009:0392",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
              },
              {
                "name": "34240",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34240"
              },
              {
                "name": "34496",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34496"
              },
              {
                "name": "1021920",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021920"
              },
              {
                "name": "HPSBMA02429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
              },
              {
                "name": "254611",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
              },
              {
                "name": "jre-javaplugin-privilege-escalation(49456)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49456"
              },
              {
                "name": "35416",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35416"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
              },
              {
                "name": "37386",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37386"
              },
              {
                "name": "SUSE-SA:2009:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
              },
              {
                "name": "ADV-2009-3316",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3316"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"deserializing applets,\" aka CR 6646860."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SA:2009:036",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
            },
            {
              "name": "SSRT090058",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "35156",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35156"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
            },
            {
              "name": "37460",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37460"
            },
            {
              "name": "GLSA-200911-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
            },
            {
              "name": "RHSA-2009:1038",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
            },
            {
              "name": "RHSA-2009:1198",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "HPSBUX02429",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
            },
            {
              "name": "RHSA-2009:0394",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
            },
            {
              "name": "34495",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34495"
            },
            {
              "name": "36185",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36185"
            },
            {
              "name": "oval:org.mitre.oval:def:6542",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6542"
            },
            {
              "name": "35255",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35255"
            },
            {
              "name": "ADV-2009-1426",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1426"
            },
            {
              "name": "SUSE-SR:2009:011",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "RHSA-2009:0392",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
            },
            {
              "name": "34240",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34240"
            },
            {
              "name": "34496",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34496"
            },
            {
              "name": "1021920",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021920"
            },
            {
              "name": "HPSBMA02429",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "254611",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
            },
            {
              "name": "jre-javaplugin-privilege-escalation(49456)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49456"
            },
            {
              "name": "35416",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35416"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
            },
            {
              "name": "37386",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37386"
            },
            {
              "name": "SUSE-SA:2009:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
            },
            {
              "name": "ADV-2009-3316",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1103",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to \"deserializing applets,\" aka CR 6646860."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SA:2009:036",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
                },
                {
                  "name": "SSRT090058",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
                },
                {
                  "name": "35156",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35156"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
                },
                {
                  "name": "37460",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37460"
                },
                {
                  "name": "GLSA-200911-02",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
                },
                {
                  "name": "RHSA-2009:1038",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
                },
                {
                  "name": "RHSA-2009:1198",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
                },
                {
                  "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
                },
                {
                  "name": "HPSBUX02429",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
                },
                {
                  "name": "RHSA-2009:0394",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
                },
                {
                  "name": "34495",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34495"
                },
                {
                  "name": "36185",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36185"
                },
                {
                  "name": "oval:org.mitre.oval:def:6542",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6542"
                },
                {
                  "name": "35255",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35255"
                },
                {
                  "name": "ADV-2009-1426",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1426"
                },
                {
                  "name": "SUSE-SR:2009:011",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
                },
                {
                  "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
                },
                {
                  "name": "RHSA-2009:0392",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
                },
                {
                  "name": "34240",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34240"
                },
                {
                  "name": "34496",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34496"
                },
                {
                  "name": "1021920",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021920"
                },
                {
                  "name": "HPSBMA02429",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
                },
                {
                  "name": "254611",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
                },
                {
                  "name": "jre-javaplugin-privilege-escalation(49456)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49456"
                },
                {
                  "name": "35416",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35416"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
                },
                {
                  "name": "37386",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37386"
                },
                {
                  "name": "SUSE-SA:2009:016",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
                },
                {
                  "name": "ADV-2009-3316",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3316"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1103",
        "datePublished": "2009-03-25T23:00:00.000Z",
        "dateReserved": "2009-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:57:17.805Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1104 (GCVE-0-2009-1104)

    Vulnerability from cvelistv5 – Published: 2009-03-25 23:00 – Updated: 2024-08-07 04:57
    VLAI
    Summary
    The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://secunia.com/advisories/35156 third-party-advisoryx_refsource_SECUNIA
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://secunia.com/advisories/37460 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://security.gentoo.org/glsa/glsa-200911-02.xml vendor-advisoryx_refsource_GENTOO
    http://www.redhat.com/support/errata/RHSA-2009-10… vendor-advisoryx_refsource_REDHAT
    https://rhn.redhat.com/errata/RHSA-2009-1198.html vendor-advisoryx_refsource_REDHAT
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=124344236532162&w=2 vendor-advisoryx_refsource_HP
    http://www.redhat.com/support/errata/RHSA-2009-03… vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/34495 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/36185 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/35255 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/1426 vdb-entryx_refsource_VUPEN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/507985/100… mailing-listx_refsource_BUGTRAQ
    http://www.redhat.com/support/errata/RHSA-2009-03… vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/34240 vdb-entryx_refsource_BID
    http://secunia.com/advisories/34496 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1021920 vdb-entryx_refsource_SECTRACK
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://secunia.com/advisories/35416 third-party-advisoryx_refsource_SECUNIA
    http://sunsolve.sun.com/search/document.do?assetk… x_refsource_MISC
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://secunia.com/advisories/37386 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.vupen.com/english/advisories/2009/3316 vdb-entryx_refsource_VUPEN
    Date Public
    2009-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:57:17.936Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SA:2009:036",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
              },
              {
                "name": "SSRT090058",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
              },
              {
                "name": "35156",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35156"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
              },
              {
                "name": "37460",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37460"
              },
              {
                "name": "jre-plugin-javascriptcode-unauthorized-access(49457)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49457"
              },
              {
                "name": "GLSA-200911-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
              },
              {
                "name": "RHSA-2009:1038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
              },
              {
                "name": "RHSA-2009:1198",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
              },
              {
                "name": "HPSBUX02429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
              },
              {
                "name": "RHSA-2009:0394",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
              },
              {
                "name": "34495",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34495"
              },
              {
                "name": "36185",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36185"
              },
              {
                "name": "35255",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35255"
              },
              {
                "name": "ADV-2009-1426",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1426"
              },
              {
                "name": "SUSE-SR:2009:011",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
              },
              {
                "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
              },
              {
                "name": "RHSA-2009:0392",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
              },
              {
                "name": "34240",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34240"
              },
              {
                "name": "34496",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34496"
              },
              {
                "name": "1021920",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021920"
              },
              {
                "name": "HPSBMA02429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
              },
              {
                "name": "254611",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
              },
              {
                "name": "35416",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35416"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
              },
              {
                "name": "37386",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37386"
              },
              {
                "name": "oval:org.mitre.oval:def:6584",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6584"
              },
              {
                "name": "SUSE-SA:2009:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
              },
              {
                "name": "ADV-2009-3316",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3316"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331.  NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SA:2009:036",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
            },
            {
              "name": "SSRT090058",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "35156",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35156"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
            },
            {
              "name": "37460",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37460"
            },
            {
              "name": "jre-plugin-javascriptcode-unauthorized-access(49457)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49457"
            },
            {
              "name": "GLSA-200911-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
            },
            {
              "name": "RHSA-2009:1038",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
            },
            {
              "name": "RHSA-2009:1198",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "HPSBUX02429",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
            },
            {
              "name": "RHSA-2009:0394",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
            },
            {
              "name": "34495",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34495"
            },
            {
              "name": "36185",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36185"
            },
            {
              "name": "35255",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35255"
            },
            {
              "name": "ADV-2009-1426",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1426"
            },
            {
              "name": "SUSE-SR:2009:011",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "RHSA-2009:0392",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
            },
            {
              "name": "34240",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34240"
            },
            {
              "name": "34496",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34496"
            },
            {
              "name": "1021920",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021920"
            },
            {
              "name": "HPSBMA02429",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "254611",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
            },
            {
              "name": "35416",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35416"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
            },
            {
              "name": "37386",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37386"
            },
            {
              "name": "oval:org.mitre.oval:def:6584",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6584"
            },
            {
              "name": "SUSE-SA:2009:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
            },
            {
              "name": "ADV-2009-3316",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1104",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331.  NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SA:2009:036",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
                },
                {
                  "name": "SSRT090058",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
                },
                {
                  "name": "35156",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35156"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
                },
                {
                  "name": "37460",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37460"
                },
                {
                  "name": "jre-plugin-javascriptcode-unauthorized-access(49457)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49457"
                },
                {
                  "name": "GLSA-200911-02",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
                },
                {
                  "name": "RHSA-2009:1038",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
                },
                {
                  "name": "RHSA-2009:1198",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
                },
                {
                  "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
                },
                {
                  "name": "HPSBUX02429",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
                },
                {
                  "name": "RHSA-2009:0394",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
                },
                {
                  "name": "34495",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34495"
                },
                {
                  "name": "36185",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36185"
                },
                {
                  "name": "35255",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35255"
                },
                {
                  "name": "ADV-2009-1426",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1426"
                },
                {
                  "name": "SUSE-SR:2009:011",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
                },
                {
                  "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
                },
                {
                  "name": "RHSA-2009:0392",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
                },
                {
                  "name": "34240",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34240"
                },
                {
                  "name": "34496",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34496"
                },
                {
                  "name": "1021920",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021920"
                },
                {
                  "name": "HPSBMA02429",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
                },
                {
                  "name": "254611",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
                },
                {
                  "name": "35416",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35416"
                },
                {
                  "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1",
                  "refsource": "MISC",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
                },
                {
                  "name": "37386",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37386"
                },
                {
                  "name": "oval:org.mitre.oval:def:6584",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6584"
                },
                {
                  "name": "SUSE-SA:2009:016",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
                },
                {
                  "name": "ADV-2009-3316",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3316"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1104",
        "datePublished": "2009-03-25T23:00:00.000Z",
        "dateReserved": "2009-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:57:17.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1107 (GCVE-0-2009-1107)

    Vulnerability from cvelistv5 – Published: 2009-03-25 23:00 – Updated: 2024-08-07 05:04
    VLAI
    Summary
    The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://sunsolve.sun.com/search/document.do?assetk… x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://secunia.com/advisories/35156 third-party-advisoryx_refsource_SECUNIA
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://secunia.com/advisories/37460 third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200911-02.xml vendor-advisoryx_refsource_GENTOO
    http://www.redhat.com/support/errata/RHSA-2009-10… vendor-advisoryx_refsource_REDHAT
    https://rhn.redhat.com/errata/RHSA-2009-1198.html vendor-advisoryx_refsource_REDHAT
    http://www.vmware.com/security/advisories/VMSA-20… x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=124344236532162&w=2 vendor-advisoryx_refsource_HP
    http://www.redhat.com/support/errata/RHSA-2009-03… vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/34495 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/36185 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/35255 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/1426 vdb-entryx_refsource_VUPEN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/archive/1/507985/100… mailing-listx_refsource_BUGTRAQ
    http://www.redhat.com/support/errata/RHSA-2009-03… vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/34240 vdb-entryx_refsource_BID
    http://secunia.com/advisories/34496 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1021920 vdb-entryx_refsource_SECTRACK
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://secunia.com/advisories/35416 third-party-advisoryx_refsource_SECUNIA
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    http://secunia.com/advisories/37386 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.vupen.com/english/advisories/2009/3316 vdb-entryx_refsource_VUPEN
    Date Public
    2009-03-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:04:48.666Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SUSE-SA:2009:036",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-14-1"
              },
              {
                "name": "jre-plugin-signedapplet-unauth-access(49460)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49460"
              },
              {
                "name": "oval:org.mitre.oval:def:6585",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6585"
              },
              {
                "name": "SSRT090058",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
              },
              {
                "name": "35156",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35156"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
              },
              {
                "name": "37460",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37460"
              },
              {
                "name": "GLSA-200911-02",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
              },
              {
                "name": "RHSA-2009:1038",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
              },
              {
                "name": "RHSA-2009:1198",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
              },
              {
                "name": "HPSBUX02429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
              },
              {
                "name": "RHSA-2009:0394",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
              },
              {
                "name": "34495",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34495"
              },
              {
                "name": "36185",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36185"
              },
              {
                "name": "35255",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35255"
              },
              {
                "name": "ADV-2009-1426",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1426"
              },
              {
                "name": "SUSE-SR:2009:011",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
              },
              {
                "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
              },
              {
                "name": "RHSA-2009:0392",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
              },
              {
                "name": "34240",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34240"
              },
              {
                "name": "34496",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34496"
              },
              {
                "name": "1021920",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021920"
              },
              {
                "name": "HPSBMA02429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
              },
              {
                "name": "254611",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
              },
              {
                "name": "35416",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35416"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
              },
              {
                "name": "37386",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37386"
              },
              {
                "name": "SUSE-SA:2009:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
              },
              {
                "name": "ADV-2009-3316",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3316"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a \"Swing JLabel HTML parsing vulnerability,\" aka CR 6782871."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SUSE-SA:2009:036",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-14-1"
            },
            {
              "name": "jre-plugin-signedapplet-unauth-access(49460)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49460"
            },
            {
              "name": "oval:org.mitre.oval:def:6585",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6585"
            },
            {
              "name": "SSRT090058",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "35156",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35156"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
            },
            {
              "name": "37460",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37460"
            },
            {
              "name": "GLSA-200911-02",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
            },
            {
              "name": "RHSA-2009:1038",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
            },
            {
              "name": "RHSA-2009:1198",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "HPSBUX02429",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
            },
            {
              "name": "RHSA-2009:0394",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
            },
            {
              "name": "34495",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34495"
            },
            {
              "name": "36185",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36185"
            },
            {
              "name": "35255",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35255"
            },
            {
              "name": "ADV-2009-1426",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1426"
            },
            {
              "name": "SUSE-SR:2009:011",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "RHSA-2009:0392",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
            },
            {
              "name": "34240",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34240"
            },
            {
              "name": "34496",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34496"
            },
            {
              "name": "1021920",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021920"
            },
            {
              "name": "HPSBMA02429",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "254611",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
            },
            {
              "name": "35416",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35416"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
            },
            {
              "name": "37386",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37386"
            },
            {
              "name": "SUSE-SA:2009:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
            },
            {
              "name": "ADV-2009-3316",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1107",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a \"Swing JLabel HTML parsing vulnerability,\" aka CR 6782871."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SUSE-SA:2009:036",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
                },
                {
                  "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-14-1",
                  "refsource": "MISC",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-14-1"
                },
                {
                  "name": "jre-plugin-signedapplet-unauth-access(49460)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49460"
                },
                {
                  "name": "oval:org.mitre.oval:def:6585",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6585"
                },
                {
                  "name": "SSRT090058",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
                },
                {
                  "name": "35156",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35156"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
                },
                {
                  "name": "37460",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37460"
                },
                {
                  "name": "GLSA-200911-02",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
                },
                {
                  "name": "RHSA-2009:1038",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
                },
                {
                  "name": "RHSA-2009:1198",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
                },
                {
                  "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
                },
                {
                  "name": "HPSBUX02429",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
                },
                {
                  "name": "RHSA-2009:0394",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
                },
                {
                  "name": "34495",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34495"
                },
                {
                  "name": "36185",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36185"
                },
                {
                  "name": "35255",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35255"
                },
                {
                  "name": "ADV-2009-1426",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1426"
                },
                {
                  "name": "SUSE-SR:2009:011",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
                },
                {
                  "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
                },
                {
                  "name": "RHSA-2009:0392",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
                },
                {
                  "name": "34240",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34240"
                },
                {
                  "name": "34496",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34496"
                },
                {
                  "name": "1021920",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021920"
                },
                {
                  "name": "HPSBMA02429",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
                },
                {
                  "name": "254611",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
                },
                {
                  "name": "35416",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35416"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
                },
                {
                  "name": "37386",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37386"
                },
                {
                  "name": "SUSE-SA:2009:016",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
                },
                {
                  "name": "ADV-2009-3316",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3316"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1107",
        "datePublished": "2009-03-25T23:00:00.000Z",
        "dateReserved": "2009-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:04:48.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3440 (GCVE-0-2008-3440)

    Vulnerability from cvelistv5 – Published: 2008-08-01 14:00 – Updated: 2024-08-07 09:37
    VLAI
    Summary
    Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-07-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:37:26.974Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
              },
              {
                "name": "1020584",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020584"
              },
              {
                "name": "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-08-22T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
            },
            {
              "name": "1020584",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020584"
            },
            {
              "name": "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3440",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf",
                  "refsource": "MISC",
                  "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
                },
                {
                  "name": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz",
                  "refsource": "MISC",
                  "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
                },
                {
                  "name": "1020584",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020584"
                },
                {
                  "name": "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3440",
        "datePublished": "2008-08-01T14:00:00.000Z",
        "dateReserved": "2008-08-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:37:26.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-2738 (GCVE-0-2005-2738)

    Vulnerability from cvelistv5 – Published: 2006-08-05 01:00 – Updated: 2024-08-07 22:45
    VLAI
    Summary
    Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ciac.org/ciac/bulletins/p-306.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://www.vupen.com/english/advisories/2005/1734 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/16808 third-party-advisoryx_refsource_SECUNIA
    http://docs.info.apple.com/article.html?artnum=302265 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/19397 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/14827 vdb-entryx_refsource_BID
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    Date Public
    2005-09-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:45:02.149Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "P-306",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
              },
              {
                "name": "ADV-2005-1734",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/1734"
              },
              {
                "name": "16808",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16808"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=302265"
              },
              {
                "name": "macos-serversocket-obtain-information(22269)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22269"
              },
              {
                "name": "19397",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/19397"
              },
              {
                "name": "14827",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/14827"
              },
              {
                "name": "APPLE-SA-2005-09-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-09-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "P-306",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
            },
            {
              "name": "ADV-2005-1734",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/1734"
            },
            {
              "name": "16808",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16808"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=302265"
            },
            {
              "name": "macos-serversocket-obtain-information(22269)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22269"
            },
            {
              "name": "19397",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/19397"
            },
            {
              "name": "14827",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/14827"
            },
            {
              "name": "APPLE-SA-2005-09-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-2738",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "P-306",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
                },
                {
                  "name": "ADV-2005-1734",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/1734"
                },
                {
                  "name": "16808",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/16808"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=302265",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=302265"
                },
                {
                  "name": "macos-serversocket-obtain-information(22269)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22269"
                },
                {
                  "name": "19397",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/19397"
                },
                {
                  "name": "14827",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/14827"
                },
                {
                  "name": "APPLE-SA-2005-09-13",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-2738",
        "datePublished": "2006-08-05T01:00:00.000Z",
        "dateReserved": "2005-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:45:02.149Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-2530 (GCVE-0-2005-2530)

    Vulnerability from cvelistv5 – Published: 2006-08-05 01:00 – Updated: 2024-08-07 22:30
    VLAI
    Summary
    Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ciac.org/ciac/bulletins/p-306.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://www.securityfocus.com/bid/14826 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2005/1734 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/16808 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://docs.info.apple.com/article.html?artnum=302265 x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    Date Public
    2005-09-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:30:00.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "P-306",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
              },
              {
                "name": "14826",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/14826"
              },
              {
                "name": "ADV-2005-1734",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/1734"
              },
              {
                "name": "16808",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16808"
              },
              {
                "name": "macos-untrusted-applet-gain-privileges(22265)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22265"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=302265"
              },
              {
                "name": "APPLE-SA-2005-09-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-09-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to \"Mac OS X specific extensions.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "P-306",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
            },
            {
              "name": "14826",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/14826"
            },
            {
              "name": "ADV-2005-1734",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/1734"
            },
            {
              "name": "16808",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16808"
            },
            {
              "name": "macos-untrusted-applet-gain-privileges(22265)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22265"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=302265"
            },
            {
              "name": "APPLE-SA-2005-09-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-2530",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to \"Mac OS X specific extensions.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "P-306",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
                },
                {
                  "name": "14826",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/14826"
                },
                {
                  "name": "ADV-2005-1734",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/1734"
                },
                {
                  "name": "16808",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/16808"
                },
                {
                  "name": "macos-untrusted-applet-gain-privileges(22265)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22265"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=302265",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=302265"
                },
                {
                  "name": "APPLE-SA-2005-09-13",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-2530",
        "datePublished": "2006-08-05T01:00:00.000Z",
        "dateReserved": "2005-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:30:00.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-2529 (GCVE-0-2005-2529)

    Vulnerability from cvelistv5 – Published: 2006-08-05 01:00 – Updated: 2024-08-07 22:30
    VLAI
    Summary
    Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to "the utility used to update Java shared archives."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ciac.org/ciac/bulletins/p-306.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://docs.info.apple.com/article.html?artnum=302266 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2005/1734 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://lists.apple.com/archives/Security-announce… vendor-advisoryx_refsource_APPLE
    http://secunia.com/advisories/16808 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2005-09-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:30:01.786Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "P-306",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=302266"
              },
              {
                "name": "ADV-2005-1734",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/1734"
              },
              {
                "name": "macos-archive-utility-gain-privileges(22264)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22264"
              },
              {
                "name": "APPLE-SA-2005-09-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/Security-announce/2005/Sep/msg00000.html"
              },
              {
                "name": "16808",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16808"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-09-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to \"the utility used to update Java shared archives.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "P-306",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=302266"
            },
            {
              "name": "ADV-2005-1734",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/1734"
            },
            {
              "name": "macos-archive-utility-gain-privileges(22264)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22264"
            },
            {
              "name": "APPLE-SA-2005-09-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/Security-announce/2005/Sep/msg00000.html"
            },
            {
              "name": "16808",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16808"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-2529",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to \"the utility used to update Java shared archives.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "P-306",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=302266",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=302266"
                },
                {
                  "name": "ADV-2005-1734",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/1734"
                },
                {
                  "name": "macos-archive-utility-gain-privileges(22264)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22264"
                },
                {
                  "name": "APPLE-SA-2005-09-13",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/Security-announce/2005/Sep/msg00000.html"
                },
                {
                  "name": "16808",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/16808"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-2529",
        "datePublished": "2006-08-05T01:00:00.000Z",
        "dateReserved": "2005-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:30:01.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-2527 (GCVE-0-2005-2527)

    Vulnerability from cvelistv5 – Published: 2006-08-05 01:00 – Updated: 2024-08-07 22:30
    VLAI
    Summary
    Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ciac.org/ciac/bulletins/p-306.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://docs.info.apple.com/article.html?artnum=302266 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2005/1734 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/16808 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/14825 vdb-entryx_refsource_BID
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    Date Public
    2005-09-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:30:01.393Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "P-306",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://docs.info.apple.com/article.html?artnum=302266"
              },
              {
                "name": "ADV-2005-1734",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/1734"
              },
              {
                "name": "macos-temp-file-race-condition(22262)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22262"
              },
              {
                "name": "16808",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16808"
              },
              {
                "name": "14825",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/14825"
              },
              {
                "name": "APPLE-SA-2005-09-13",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-09-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "P-306",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://docs.info.apple.com/article.html?artnum=302266"
            },
            {
              "name": "ADV-2005-1734",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/1734"
            },
            {
              "name": "macos-temp-file-race-condition(22262)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22262"
            },
            {
              "name": "16808",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16808"
            },
            {
              "name": "14825",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/14825"
            },
            {
              "name": "APPLE-SA-2005-09-13",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-2527",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "P-306",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/p-306.shtml"
                },
                {
                  "name": "http://docs.info.apple.com/article.html?artnum=302266",
                  "refsource": "CONFIRM",
                  "url": "http://docs.info.apple.com/article.html?artnum=302266"
                },
                {
                  "name": "ADV-2005-1734",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/1734"
                },
                {
                  "name": "macos-temp-file-race-condition(22262)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22262"
                },
                {
                  "name": "16808",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/16808"
                },
                {
                  "name": "14825",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/14825"
                },
                {
                  "name": "APPLE-SA-2005-09-13",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-2527",
        "datePublished": "2006-08-05T01:00:00.000Z",
        "dateReserved": "2005-08-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:30:01.393Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-1134 (GCVE-0-2003-1134)

    Vulnerability from cvelistv5 – Published: 2005-05-10 04:00 – Updated: 2024-09-17 02:36
    VLAI
    Summary
    Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/8892 vdb-entryx_refsource_BID
    http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:19:44.700Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "8892",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/8892"
              },
              {
                "name": "20031026 Java 1.4.2_02 InsecurityManager JVM crash",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012773.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-05-10T04:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "8892",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/8892"
            },
            {
              "name": "20031026 Java 1.4.2_02 InsecurityManager JVM crash",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012773.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-1134",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "8892",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/8892"
                },
                {
                  "name": "20031026 Java 1.4.2_02 InsecurityManager JVM crash",
                  "refsource": "FULLDISC",
                  "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012773.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-1134",
        "datePublished": "2005-05-10T04:00:00.000Z",
        "dateReserved": "2005-05-04T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:36:05.770Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-1999-0440 (GCVE-0-1999-0440)

    Vulnerability from cvelistv5 – Published: 2000-10-13 04:00 – Updated: 2024-08-01 16:41
    VLAI
    Summary
    The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/1939 vdb-entryx_refsource_BID
    http://java.sun.com/pr/1999/03/pr990329-01.html x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=92333596624452&w=2 mailing-listx_refsource_BUGTRAQ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T16:41:44.840Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1939",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/1939"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
              },
              {
                "name": "19990405 Security Hole in Java 2 (and JDK 1.1.x)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-11-02T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1939",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/1939"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
            },
            {
              "name": "19990405 Security Hole in Java 2 (and JDK 1.1.x)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-1999-0440",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1939",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/1939"
                },
                {
                  "name": "http://java.sun.com/pr/1999/03/pr990329-01.html",
                  "refsource": "CONFIRM",
                  "url": "http://java.sun.com/pr/1999/03/pr990329-01.html"
                },
                {
                  "name": "19990405 Security Hole in Java 2 (and JDK 1.1.x)",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=92333596624452\u0026w=2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-1999-0440",
        "datePublished": "2000-10-13T04:00:00.000Z",
        "dateReserved": "1999-06-07T00:00:00.000Z",
        "dateUpdated": "2024-08-01T16:41:44.840Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-1999-0142 (GCVE-0-1999-0142)

    Vulnerability from cvelistv5 – Published: 2000-06-02 04:00 – Updated: 2024-08-01 16:27
    VLAI
    Summary
    The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T16:27:57.727Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer\u0027s Kit 1.0 allows an applet to connect to arbitrary hosts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-17T06:46:30.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-1999-0142",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer\u0027s Kit 1.0 allows an applet to connect to arbitrary hosts."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142",
                  "refsource": "MISC",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-1999-0142",
        "datePublished": "2000-06-02T04:00:00.000Z",
        "dateReserved": "1999-06-07T00:00:00.000Z",
        "dateUpdated": "2024-08-01T16:27:57.727Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }