Action not permitted
Modal body text goes here.
cve-2009-2719
Vulnerability from cvelistv5
Published
2009-08-10 20:00
Modified
2024-08-07 05:59
Severity ?
EPSS score ?
Summary
The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:59:57.065Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "37460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37460" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://java.sun.com/javase/6/webnotes/6u15.html" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37386" }, { "name": "ADV-2009-3316", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3316" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-08-04T00:00:00", "descriptions": [ { "lang": "en", "value": "The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "37460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37460" }, { "name": "GLSA-200911-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://java.sun.com/javase/6/webnotes/6u15.html" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": "37386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37386" }, { "name": "ADV-2009-3316", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3316" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2719", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "37460", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37460" }, { "name": "GLSA-200911-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "http://java.sun.com/javase/6/webnotes/6u15.html", "refsource": "CONFIRM", "url": "http://java.sun.com/javase/6/webnotes/6u15.html" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": "37386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37386" }, { "name": "ADV-2009-3316", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3316" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2719", "datePublished": "2009-08-10T20:00:00", "dateReserved": "2009-08-10T00:00:00", "dateUpdated": "2024-08-07T05:59:57.065Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2009-2719\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-08-10T20:30:00.577\",\"lastModified\":\"2018-10-10T19:42:00.950\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP).\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n de Java Web Start en Sun Java SE v6 anteriores a Update 15 permite a los atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (excepci\u00f3n de puntero nulo) mediante un fichero .jnlp modificado, como se ha demostrado al probar jnlp_file/appletDesc/index.html#misc en el Technology Compatibility Kit (TCK) para el Java Network Launching Protocol (JNLP).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sun:java_se:*:14:*:*:*:*:*:*\",\"versionEndIncluding\":\"6\",\"matchCriteriaId\":\"EB9DE8D5-D4F6-45DE-9DB4-9E5BB7E518F9\"}]}]}],\"references\":[{\"url\":\"http://java.sun.com/javase/6/webnotes/6u15.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37386\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/37460\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200911-02.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/507985/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0016.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3316\",\"source\":\"cve@mitre.org\"}]}}" } }
ghsa-f75p-9w69-p43r
Vulnerability from github
Published
2022-05-02 03:38
Modified
2022-05-02 03:38
Details
The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP).
{ "affected": [], "aliases": [ "CVE-2009-2719" ], "database_specific": { "cwe_ids": [ "CWE-119" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2009-08-10T20:30:00Z", "severity": "MODERATE" }, "details": "The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP).", "id": "GHSA-f75p-9w69-p43r", "modified": "2022-05-02T03:38:02Z", "published": "2022-05-02T03:38:02Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2719" }, { "type": "WEB", "url": "http://java.sun.com/javase/6/webnotes/6u15.html" }, { "type": "WEB", "url": "http://secunia.com/advisories/37386" }, { "type": "WEB", "url": "http://secunia.com/advisories/37460" }, { "type": "WEB", "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "type": "WEB", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2009/3316" } ], "schema_version": "1.4.0", "severity": [] }
rhsa-2009_1200
Vulnerability from csaf_redhat
Published
2009-08-06 20:41
Modified
2024-11-14 10:46
Summary
Red Hat Security Advisory: java-1.6.0-sun security update
Notes
Topic
Updated java-1.6.0-sun packages that correct several security issues are
now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.
This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. These
vulnerabilities are summarized on the "Advance notification of Security
Updates for Java SE" page from Sun Microsystems, listed in the References
section. (CVE-2009-0217, CVE-2009-2475, CVE-2009-2476, CVE-2009-2625,
CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674,
CVE-2009-2675, CVE-2009-2676, CVE-2009-2690)
Users of java-1.6.0-sun should upgrade to these updated packages, which
correct these issues. All running instances of Sun Java must be restarted
for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated java-1.6.0-sun packages that correct several security issues are\nnow available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and\nthe Sun Java 6 Software Development Kit.\n\nThis update fixes several vulnerabilities in the Sun Java 6 Runtime\nEnvironment and the Sun Java 6 Software Development Kit. These\nvulnerabilities are summarized on the \"Advance notification of Security\nUpdates for Java SE\" page from Sun Microsystems, listed in the References\nsection. (CVE-2009-0217, CVE-2009-2475, CVE-2009-2476, CVE-2009-2625,\nCVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674,\nCVE-2009-2675, CVE-2009-2676, CVE-2009-2690)\n\nUsers of java-1.6.0-sun should upgrade to these updated packages, which\ncorrect these issues. All running instances of Sun Java must be restarted\nfor the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:1200", "url": "https://access.redhat.com/errata/RHSA-2009:1200" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "http://blogs.sun.com/security/entry/advance_notification_of_security_updates5", "url": "http://blogs.sun.com/security/entry/advance_notification_of_security_updates5" }, { "category": "external", "summary": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1" }, { "category": "external", "summary": "511915", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511915" }, { "category": "external", "summary": "512896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512896" }, { "category": "external", "summary": "512907", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512907" }, { "category": "external", "summary": "512914", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512914" }, { "category": "external", "summary": "512915", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512915" }, { "category": "external", "summary": "512920", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512920" }, { "category": "external", "summary": "512921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512921" }, { "category": "external", "summary": "513215", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=513215" }, { "category": "external", "summary": "513220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=513220" }, { "category": "external", "summary": "513223", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=513223" }, { "category": "external", "summary": "515890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515890" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1200.json" } ], "title": "Red Hat Security Advisory: java-1.6.0-sun security update", "tracking": { "current_release_date": "2024-11-14T10:46:51+00:00", "generator": { "date": "2024-11-14T10:46:51+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2009:1200", "initial_release_date": "2009-08-06T20:41:00+00:00", "revision_history": [ { "date": "2009-08-06T20:41:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-08-06T16:41:36+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T10:46:51+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AS version 4 Extras", "product": { "name": "Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Desktop version 4 Extras", "product": { "name": "Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 4 Extras", "product": { "name": "Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux WS version 4 Extras", "product": { "name": "Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "product": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "product_id": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.15-1jpp.1.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "product": { "name": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "product_id": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.15-1jpp.1.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "product": { "name": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "product_id": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.15-1jpp.1.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "product": { "name": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "product_id": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.15-1jpp.1.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "product": { "name": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "product_id": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.15-1jpp.1.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "product": { "name": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "product_id": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.15-1jpp.1.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "product": { "name": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "product_id": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.15-1jpp.1.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "product": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "product_id": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.15-1jpp.1.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "product": { "name": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "product_id": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.15-1jpp.1.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "product": { "name": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "product_id": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.15-1jpp.1.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "product": { "name": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "product_id": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.15-1jpp.1.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "product": { "name": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "product_id": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.15-1jpp.1.el5?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "product": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "product_id": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.15-1jpp.1.el4?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "product": { "name": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "product_id": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.15-1jpp.1.el4?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "product": { "name": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "product_id": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.15-1jpp.1.el4?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "product": { "name": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "product_id": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.15-1jpp.1.el4?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "product": { "name": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "product_id": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.15-1jpp.1.el4?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "product": { "name": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "product_id": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.15-1jpp.1.el4?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "product": { "name": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "product_id": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-plugin@1.6.0.15-1jpp.1.el5?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "product": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "product_id": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-jdbc@1.6.0.15-1jpp.1.el5?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "product": { "name": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "product_id": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-src@1.6.0.15-1jpp.1.el5?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "product": { "name": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "product_id": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-demo@1.6.0.15-1jpp.1.el5?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "product": { "name": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "product_id": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun-devel@1.6.0.15-1jpp.1.el5?arch=i586\u0026epoch=1" } } }, { "category": "product_version", "name": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "product": { "name": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "product_id": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "product_identification_helper": { "purl": "pkg:rpm/redhat/java-1.6.0-sun@1.6.0.15-1jpp.1.el5?arch=i586\u0026epoch=1" } } } ], "category": "architecture", "name": "i586" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" }, "product_reference": "java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "relates_to_product_reference": "5Server-Supplementary" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-0217", "discovery_date": "2009-07-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "511915" } ], "notes": [ { "category": "description", "text": "The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.", "title": "Vulnerability description" }, { "category": "summary", "text": "xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0217" }, { "category": "external", "summary": "RHBZ#511915", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511915" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0217", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0217" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0217", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0217" } ], "release_date": "2009-07-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-08-06T20:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1200" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass" }, { "cve": "CVE-2009-2475", "discovery_date": "2009-07-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "513215" } ], "notes": [ { "category": "description", "text": "Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2475" }, { "category": "external", "summary": "RHBZ#513215", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=513215" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2475", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2475" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2475", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2475" } ], "release_date": "2009-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-08-06T20:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1200" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167)" }, { "cve": "CVE-2009-2476", "discovery_date": "2009-07-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "513220" } ], "notes": [ { "category": "description", "text": "The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK OpenType checks can be bypassed (6736293)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2476" }, { "category": "external", "summary": "RHBZ#513220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=513220" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2476", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2476" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2476", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2476" } ], "release_date": "2009-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-08-06T20:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1200" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK OpenType checks can be bypassed (6736293)" }, { "cve": "CVE-2009-2625", "discovery_date": "2009-07-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "512921" } ], "notes": [ { "category": "description", "text": "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK: XML parsing Denial-Of-Service (6845701)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2625" }, { "category": "external", "summary": "RHBZ#512921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512921" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2625", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2625" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2625", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2625" } ], "release_date": "2009-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-08-06T20:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1200" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK: XML parsing Denial-Of-Service (6845701)" }, { "cve": "CVE-2009-2670", "discovery_date": "2009-07-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "512896" } ], "notes": [ { "category": "description", "text": "The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Untrusted applet System properties access (6738524)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2670" }, { "category": "external", "summary": "RHBZ#512896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512896" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2670", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2670" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2670", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2670" } ], "release_date": "2009-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-08-06T20:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1200" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK Untrusted applet System properties access (6738524)" }, { "cve": "CVE-2009-2671", "discovery_date": "2009-07-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "512907" } ], "notes": [ { "category": "description", "text": "The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Proxy mechanism information leaks (6801071)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2671" }, { "category": "external", "summary": "RHBZ#512907", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512907" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2671", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2671" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2671", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2671" } ], "release_date": "2009-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-08-06T20:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1200" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Proxy mechanism information leaks (6801071)" }, { "cve": "CVE-2009-2672", "discovery_date": "2009-07-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "512907" } ], "notes": [ { "category": "description", "text": "The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK Proxy mechanism information leaks (6801071)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2672" }, { "category": "external", "summary": "RHBZ#512907", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512907" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2672", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2672" } ], "release_date": "2009-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-08-06T20:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1200" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK Proxy mechanism information leaks (6801071)" }, { "cve": "CVE-2009-2673", "discovery_date": "2009-07-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "512914" } ], "notes": [ { "category": "description", "text": "The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK proxy mechanism allows non-authorized socket connections (6801497)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2673" }, { "category": "external", "summary": "RHBZ#512914", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512914" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2673", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2673" } ], "release_date": "2009-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-08-06T20:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1200" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "OpenJDK proxy mechanism allows non-authorized socket connections (6801497)" }, { "cve": "CVE-2009-2674", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2009-07-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "512915" } ], "notes": [ { "category": "description", "text": "Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java Web Start Buffer JPEG processing integer overflow (6823373)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2674" }, { "category": "external", "summary": "RHBZ#512915", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512915" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2674", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2674" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2674", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2674" } ], "release_date": "2009-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-08-06T20:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1200" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Java Web Start Buffer JPEG processing integer overflow (6823373)" }, { "cve": "CVE-2009-2675", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2009-07-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "512920" } ], "notes": [ { "category": "description", "text": "Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java Web Start Buffer unpack200 processing integer overflow (6830335)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2675" }, { "category": "external", "summary": "RHBZ#512920", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512920" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2675", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2675" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2675", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2675" } ], "release_date": "2009-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-08-06T20:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1200" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "Java Web Start Buffer unpack200 processing integer overflow (6830335)" }, { "cve": "CVE-2009-2676", "discovery_date": "2009-08-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "515890" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher.", "title": "Vulnerability description" }, { "category": "summary", "text": "JRE applet launcher vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2676" }, { "category": "external", "summary": "RHBZ#515890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2676", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2676" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2676", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2676" } ], "release_date": "2009-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-08-06T20:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1200" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "JRE applet launcher vulnerability" }, { "cve": "CVE-2009-2690", "discovery_date": "2009-07-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "513223" } ], "notes": [ { "category": "description", "text": "The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application.", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK private variable information disclosure (6777487)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2690" }, { "category": "external", "summary": "RHBZ#513223", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=513223" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2690", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2690" } ], "release_date": "2009-08-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-08-06T20:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1200" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "OpenJDK private variable information disclosure (6777487)" }, { "cve": "CVE-2009-2716", "discovery_date": "2009-08-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "516812" } ], "notes": [ { "category": "description", "text": "The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selection, which allows context-dependent attackers to leverage vulnerabilities in \"old zip and certificate handling\" and have unspecified other impact via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK improper version selection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2716" }, { "category": "external", "summary": "RHBZ#516812", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=516812" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2716", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2716" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2716", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2716" } ], "release_date": "2009-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-08-06T20:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1200" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK improper version selection" }, { "cve": "CVE-2009-2718", "discovery_date": "2009-08-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "516815" } ], "notes": [ { "category": "description", "text": "The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK reposition of untrusted applet security icon in X11", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2718" }, { "category": "external", "summary": "RHBZ#516815", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=516815" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2718", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2718" } ], "release_date": "2009-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-08-06T20:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1200" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "JDK reposition of untrusted applet security icon in X11" }, { "cve": "CVE-2009-2719", "discovery_date": "2009-08-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "516820" } ], "notes": [ { "category": "description", "text": "The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP).", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK DoS with crafted .jnlp file", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2719" }, { "category": "external", "summary": "RHBZ#516820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=516820" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2719", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2719" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2719", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2719" } ], "release_date": "2009-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-08-06T20:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1200" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "JDK DoS with crafted .jnlp file" }, { "cve": "CVE-2009-2720", "discovery_date": "2009-08-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "516823" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException in the Jemmy library) via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "JDK DoS with Swing Synthcontext implementation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2720" }, { "category": "external", "summary": "RHBZ#516823", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=516823" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2720", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2720" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2720", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2720" } ], "release_date": "2009-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-08-06T20:41:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1200" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4AS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4Desktop-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4ES-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el4.x86_64", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.i586", "4WS-LACD:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el4.x86_64", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Client-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-demo-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-devel-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-jdbc-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-plugin-1:1.6.0.15-1jpp.1.el5.x86_64", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.i586", "5Server-Supplementary:java-1.6.0-sun-src-1:1.6.0.15-1jpp.1.el5.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "JDK DoS with Swing Synthcontext implementation" } ] }
gsd-2009-2719
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP).
Aliases
Aliases
{ "GSD": { "alias": "CVE-2009-2719", "description": "The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP).", "id": "GSD-2009-2719", "references": [ "https://access.redhat.com/errata/RHSA-2009:1200" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2009-2719" ], "details": "The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP).", "id": "GSD-2009-2719", "modified": "2023-12-13T01:19:46.867668Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2719", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "37460", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37460" }, { "name": "GLSA-200911-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "http://java.sun.com/javase/6/webnotes/6u15.html", "refsource": "CONFIRM", "url": "http://java.sun.com/javase/6/webnotes/6u15.html" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "name": "37386", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37386" }, { "name": "ADV-2009-3316", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3316" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sun:java_se:*:14:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2719" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-119" } ] } ] }, "references": { "reference_data": [ { "name": "http://java.sun.com/javase/6/webnotes/6u15.html", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "http://java.sun.com/javase/6/webnotes/6u15.html" }, { "name": "GLSA-200911-02", "refsource": "GENTOO", "tags": [], "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" }, { "name": "37460", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/37460" }, { "name": "37386", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/37386" }, { "name": "ADV-2009-3316", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false } }, "lastModifiedDate": "2018-10-10T19:42Z", "publishedDate": "2009-08-10T20:30Z" } } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.