csaf_redhat - rhsa-2009

rhsa-2009_1551

Vulnerability from csaf_redhat

Published

2009-11-04 15:14

Modified

2024-09-13 06:45

Summary

Red Hat Security Advisory: java-1.4.2-ibm security update

Notes

Topic

Updated java-1.4.2-ibm packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5 for SAP. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Details

The IBM 1.4.2 SR13-FP2 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes two vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM "Security alerts" page listed in the References section. (CVE-2008-5349, CVE-2009-2625) Warning: Do not install these java-1.4.2-ibm packages for SAP alongside the java-1.4.2-ibm packages from the Red Hat Enterprise Linux Extras or Supplementary channels on the Red Hat Network. Doing so could cause your system to fail to update cleanly, among other possible problems. All users of java-1.4.2-ibm for Red Hat Enterprise Linux 4 and 5 for SAP are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP2 Java release. All running instances of IBM Java must be restarted for this update to take effect.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated java-1.4.2-ibm packages that fix two security issues are now\navailable for Red Hat Enterprise Linux 4 and 5 for SAP.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The IBM 1.4.2 SR13-FP2 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nThis update fixes two vulnerabilities in the IBM Java 2 Runtime Environment\nand the IBM Java 2 Software Development Kit. These vulnerabilities are\nsummarized on the IBM \"Security alerts\" page listed in the References\nsection. (CVE-2008-5349, CVE-2009-2625)\n\nWarning: Do not install these java-1.4.2-ibm packages for SAP alongside the\njava-1.4.2-ibm packages from the Red Hat Enterprise Linux Extras or\nSupplementary channels on the Red Hat Network. Doing so could cause your\nsystem to fail to update cleanly, among other possible problems.\n\nAll users of java-1.4.2-ibm for Red Hat Enterprise Linux 4 and 5 for SAP\nare advised to upgrade to these updated packages, which contain the IBM\n1.4.2 SR13-FP2 Java release. All running instances of IBM Java must be\nrestarted for this update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1551",
        "url": "https://access.redhat.com/errata/RHSA-2009:1551"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://www.ibm.com/developerworks/java/jdk/alerts/",
        "url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
      },
      {
        "category": "external",
        "summary": "472206",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472206"
      },
      {
        "category": "external",
        "summary": "512921",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512921"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2009/rhsa-2009_1551.json"
      }
    ],
    "title": "Red Hat Security Advisory: java-1.4.2-ibm security update",
    "tracking": {
      "current_release_date": "2024-09-13T06:45:43+00:00",
      "generator": {
        "date": "2024-09-13T06:45:43+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2009:1551",
      "initial_release_date": "2009-11-04T15:14:00+00:00",
      "revision_history": [
        {
          "date": "2009-11-04T15:14:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-11-04T10:14:26+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-13T06:45:43+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHEL 4 AS for SAP",
                "product": {
                  "name": "RHEL 4 AS for SAP",
                  "product_id": "4AS-SAP",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras_sap:4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "RHEL 5 Server for SAP",
                "product": {
                  "name": "RHEL 5 Server for SAP",
                  "product_id": "5Server-SAP",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras_sap:5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "RHEL for SAP"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
                "product": {
                  "name": "java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
                  "product_id": "java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-ibm@1.4.2.13.2.sap-1jpp.4.el4_8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
                "product": {
                  "name": "java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
                  "product_id": "java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-ibm-demo@1.4.2.13.2.sap-1jpp.4.el4_8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
                "product": {
                  "name": "java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
                  "product_id": "java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-ibm-javacomm@1.4.2.13.2.sap-1jpp.4.el4_8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
                "product": {
                  "name": "java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
                  "product_id": "java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-ibm-devel@1.4.2.13.2.sap-1jpp.4.el4_8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
                "product": {
                  "name": "java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
                  "product_id": "java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-ibm-src@1.4.2.13.2.sap-1jpp.4.el4_8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
                "product": {
                  "name": "java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
                  "product_id": "java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-ibm-devel@1.4.2.13.2.sap-1jpp.4.el5_3?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
                "product": {
                  "name": "java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
                  "product_id": "java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-ibm-src@1.4.2.13.2.sap-1jpp.4.el5_3?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
                "product": {
                  "name": "java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
                  "product_id": "java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-ibm@1.4.2.13.2.sap-1jpp.4.el5_3?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
                "product": {
                  "name": "java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
                  "product_id": "java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-ibm-demo@1.4.2.13.2.sap-1jpp.4.el5_3?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
                "product": {
                  "name": "java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
                  "product_id": "java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/java-1.4.2-ibm-javacomm@1.4.2.13.2.sap-1jpp.4.el5_3?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64 as a component of RHEL 4 AS for SAP",
          "product_id": "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64"
        },
        "product_reference": "java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
        "relates_to_product_reference": "4AS-SAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64 as a component of RHEL 4 AS for SAP",
          "product_id": "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64"
        },
        "product_reference": "java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
        "relates_to_product_reference": "4AS-SAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64 as a component of RHEL 4 AS for SAP",
          "product_id": "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64"
        },
        "product_reference": "java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
        "relates_to_product_reference": "4AS-SAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64 as a component of RHEL 4 AS for SAP",
          "product_id": "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64"
        },
        "product_reference": "java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
        "relates_to_product_reference": "4AS-SAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64 as a component of RHEL 4 AS for SAP",
          "product_id": "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64"
        },
        "product_reference": "java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
        "relates_to_product_reference": "4AS-SAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64 as a component of RHEL 5 Server for SAP",
          "product_id": "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
        },
        "product_reference": "java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
        "relates_to_product_reference": "5Server-SAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64 as a component of RHEL 5 Server for SAP",
          "product_id": "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
        },
        "product_reference": "java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
        "relates_to_product_reference": "5Server-SAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64 as a component of RHEL 5 Server for SAP",
          "product_id": "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
        },
        "product_reference": "java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
        "relates_to_product_reference": "5Server-SAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64 as a component of RHEL 5 Server for SAP",
          "product_id": "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
        },
        "product_reference": "java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
        "relates_to_product_reference": "5Server-SAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64 as a component of RHEL 5 Server for SAP",
          "product_id": "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
        },
        "product_reference": "java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
        "relates_to_product_reference": "5Server-SAP"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-5349",
      "discovery_date": "2008-11-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "472206"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK RSA public key length denial-of-service (6497740)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5349"
        },
        {
          "category": "external",
          "summary": "RHBZ#472206",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472206"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5349",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5349"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5349",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5349"
        }
      ],
      "release_date": "2008-12-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1551"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "products": [
            "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenJDK RSA public key length denial-of-service (6497740)"
    },
    {
      "cve": "CVE-2009-1100",
      "discovery_date": "2009-03-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "492305"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) \"limits on Font creation,\" aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK: DoS (disk consumption) via handling of temporary font files",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1100"
        },
        {
          "category": "external",
          "summary": "RHBZ#492305",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=492305"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1100",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1100"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1100",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1100"
        }
      ],
      "release_date": "2009-03-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1551"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "OpenJDK: DoS (disk consumption) via handling of temporary font files"
    },
    {
      "cve": "CVE-2009-2625",
      "discovery_date": "2009-07-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "512921"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JDK: XML parsing Denial-Of-Service (6845701)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-2625"
        },
        {
          "category": "external",
          "summary": "RHBZ#512921",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512921"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2625",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-2625"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2625",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2625"
        }
      ],
      "release_date": "2009-08-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1551"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "JDK: XML parsing Denial-Of-Service (6845701)"
    },
    {
      "cve": "CVE-2009-3868",
      "discovery_date": "2009-11-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "533215"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "java-1.6.0-sun: Privilege escalation via crafted image file due improper color profiles parsing (6862970)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3868"
        },
        {
          "category": "external",
          "summary": "RHBZ#533215",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533215"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3868",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3868"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3868",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3868"
        }
      ],
      "release_date": "2009-11-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1551"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "java-1.6.0-sun: Privilege escalation via crafted image file due improper color profiles parsing (6862970)"
    },
    {
      "cve": "CVE-2009-3872",
      "discovery_date": "2009-11-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "532906"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "JRE JPEG JFIF Decoder issue (6862969)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3872"
        },
        {
          "category": "external",
          "summary": "RHBZ#532906",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=532906"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3872",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3872"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3872",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3872"
        }
      ],
      "release_date": "2009-11-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1551"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "JRE JPEG JFIF Decoder issue (6862969)"
    },
    {
      "cve": "CVE-2009-3873",
      "discovery_date": "2009-10-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "530053"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a \"quantization problem,\" aka Bug Id 6862968.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK JPEG Image Writer quantization problem (6862968)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3873"
        },
        {
          "category": "external",
          "summary": "RHBZ#530053",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530053"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3873",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3873"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3873",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3873"
        }
      ],
      "release_date": "2009-11-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1551"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "OpenJDK JPEG Image Writer quantization problem (6862968)"
    },
    {
      "cve": "CVE-2009-3876",
      "discovery_date": "2009-10-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "530061"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3876"
        },
        {
          "category": "external",
          "summary": "RHBZ#530061",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530061"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3876",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3876"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3876",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3876"
        }
      ],
      "release_date": "2009-11-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1551"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877"
    },
    {
      "cve": "CVE-2009-3877",
      "discovery_date": "2009-10-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "530061"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
          "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
          "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3877"
        },
        {
          "category": "external",
          "summary": "RHBZ#530061",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530061"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3877",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3877"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3877",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3877"
        }
      ],
      "release_date": "2009-11-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1551"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "4AS-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el4_8.x86_64",
            "5Server-SAP:java-1.4.2-ibm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-demo-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-devel-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-javacomm-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64",
            "5Server-SAP:java-1.4.2-ibm-src-0:1.4.2.13.2.sap-1jpp.4.el5_3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877"
    }
  ]
}

cve-2008-5349

Vulnerability from cvelistv5

Published

2008-12-05 11:00

Modified

2024-08-07 10:49

Severity

Summary

Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.

References

URL	Tags
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133	vendor-advisory, x_refsource_HP
http://secunia.com/advisories/34259	third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/47064	vdb-entry, x_refsource_XF
http://rhn.redhat.com/errata/RHSA-2008-1018.html	vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/33015	third-party-advisory, x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm	x_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2008-491.htm	x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/504010/100/0/threaded	vendor-advisory, x_refsource_HP
http://security.gentoo.org/glsa/glsa-200911-02.xml	vendor-advisory, x_refsource_GENTOO
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf	x_refsource_CONFIRM
http://secunia.com/advisories/35255	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34972	third-party-advisory, x_refsource_SECUNIA
https://rhn.redhat.com/errata/RHSA-2009-0466.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html	vendor-advisory, x_refsource_SUSE
http://www.vupen.com/english/advisories/2009/1426	vdb-entry, x_refsource_VUPEN
http://rhn.redhat.com/errata/RHSA-2008-1025.html	vendor-advisory, x_refsource_REDHAT
http://www.vupen.com/english/advisories/2008/3339	vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2009-0016.html	vendor-advisory, x_refsource_REDHAT
http://www.us-cert.gov/cas/techalerts/TA08-340A.html	third-party-advisory, x_refsource_CERT
http://secunia.com/advisories/33709	third-party-advisory, x_refsource_SECUNIA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133	vendor-advisory, x_refsource_HP
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=	x_refsource_CONFIRM
http://osvdb.org/50504	vdb-entry, x_refsource_OSVDB
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5843	vdb-entry, signature, x_refsource_OVAL
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html	vendor-advisory, x_refsource_SUSE
http://sunsolve.sun.com/search/document.do?assetkey=1-26-246286-1	vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/32991	third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/32608	vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html	vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/37386	third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1021309	vdb-entry, x_refsource_SECTRACK

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:49:12.357Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSRT090058",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
          },
          {
            "name": "34259",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34259"
          },
          {
            "name": "sun-jre-rsa-dos(47064)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47064"
          },
          {
            "name": "RHSA-2008:1018",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2008-1018.html"
          },
          {
            "name": "33015",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33015"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-491.htm"
          },
          {
            "name": "HPSBUX02429",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/504010/100/0/threaded"
          },
          {
            "name": "GLSA-200911-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf"
          },
          {
            "name": "35255",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35255"
          },
          {
            "name": "34972",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34972"
          },
          {
            "name": "RHSA-2009:0466",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-0466.html"
          },
          {
            "name": "SUSE-SR:2009:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
          },
          {
            "name": "ADV-2009-1426",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1426"
          },
          {
            "name": "RHSA-2008:1025",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2008-1025.html"
          },
          {
            "name": "ADV-2008-3339",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3339"
          },
          {
            "name": "RHSA-2009:0016",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0016.html"
          },
          {
            "name": "TA08-340A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-340A.html"
          },
          {
            "name": "33709",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33709"
          },
          {
            "name": "HPSBMA02429",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=829914\u0026poid="
          },
          {
            "name": "50504",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/50504"
          },
          {
            "name": "oval:org.mitre.oval:def:5843",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5843"
          },
          {
            "name": "SUSE-SR:2009:016",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
          },
          {
            "name": "246286",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-246286-1"
          },
          {
            "name": "32991",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32991"
          },
          {
            "name": "32608",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32608"
          },
          {
            "name": "SUSE-SR:2009:017",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
          },
          {
            "name": "37386",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37386"
          },
          {
            "name": "1021309",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021309"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SSRT090058",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
        },
        {
          "name": "34259",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34259"
        },
        {
          "name": "sun-jre-rsa-dos(47064)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47064"
        },
        {
          "name": "RHSA-2008:1018",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2008-1018.html"
        },
        {
          "name": "33015",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33015"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-491.htm"
        },
        {
          "name": "HPSBUX02429",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/504010/100/0/threaded"
        },
        {
          "name": "GLSA-200911-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf"
        },
        {
          "name": "35255",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35255"
        },
        {
          "name": "34972",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34972"
        },
        {
          "name": "RHSA-2009:0466",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-0466.html"
        },
        {
          "name": "SUSE-SR:2009:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
        },
        {
          "name": "ADV-2009-1426",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1426"
        },
        {
          "name": "RHSA-2008:1025",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2008-1025.html"
        },
        {
          "name": "ADV-2008-3339",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3339"
        },
        {
          "name": "RHSA-2009:0016",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0016.html"
        },
        {
          "name": "TA08-340A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-340A.html"
        },
        {
          "name": "33709",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33709"
        },
        {
          "name": "HPSBMA02429",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=829914\u0026poid="
        },
        {
          "name": "50504",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/50504"
        },
        {
          "name": "oval:org.mitre.oval:def:5843",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5843"
        },
        {
          "name": "SUSE-SR:2009:016",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
        },
        {
          "name": "246286",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-246286-1"
        },
        {
          "name": "32991",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32991"
        },
        {
          "name": "32608",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32608"
        },
        {
          "name": "SUSE-SR:2009:017",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
        },
        {
          "name": "37386",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37386"
        },
        {
          "name": "1021309",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021309"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5349",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SSRT090058",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "34259",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34259"
            },
            {
              "name": "sun-jre-rsa-dos(47064)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47064"
            },
            {
              "name": "RHSA-2008:1018",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2008-1018.html"
            },
            {
              "name": "33015",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33015"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-491.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-491.htm"
            },
            {
              "name": "HPSBUX02429",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/504010/100/0/threaded"
            },
            {
              "name": "GLSA-200911-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
            },
            {
              "name": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf",
              "refsource": "CONFIRM",
              "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf"
            },
            {
              "name": "35255",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35255"
            },
            {
              "name": "34972",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34972"
            },
            {
              "name": "RHSA-2009:0466",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2009-0466.html"
            },
            {
              "name": "SUSE-SR:2009:006",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
            },
            {
              "name": "ADV-2009-1426",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1426"
            },
            {
              "name": "RHSA-2008:1025",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2008-1025.html"
            },
            {
              "name": "ADV-2008-3339",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3339"
            },
            {
              "name": "RHSA-2009:0016",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0016.html"
            },
            {
              "name": "TA08-340A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-340A.html"
            },
            {
              "name": "33709",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33709"
            },
            {
              "name": "HPSBMA02429",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=829914\u0026poid=",
              "refsource": "CONFIRM",
              "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL\u0026DocumentOID=829914\u0026poid="
            },
            {
              "name": "50504",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/50504"
            },
            {
              "name": "oval:org.mitre.oval:def:5843",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5843"
            },
            {
              "name": "SUSE-SR:2009:016",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
            },
            {
              "name": "246286",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-246286-1"
            },
            {
              "name": "32991",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32991"
            },
            {
              "name": "32608",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32608"
            },
            {
              "name": "SUSE-SR:2009:017",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
            },
            {
              "name": "37386",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37386"
            },
            {
              "name": "1021309",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021309"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5349",
    "datePublished": "2008-12-05T11:00:00",
    "dateReserved": "2008-12-04T00:00:00",
    "dateUpdated": "2024-08-07T10:49:12.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3868

Vulnerability from cvelistv5

Published

2009-11-05 16:00

Modified

2024-08-07 06:45

Severity

Summary

Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.

References

URL	Tags
http://marc.info/?l=bugtraq&m=126566824131534&w=2	vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/36881	vdb-entry, x_refsource_BID
http://support.apple.com/kb/HT3970	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
http://support.apple.com/kb/HT3969	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=131593453929393&w=2	vendor-advisory, x_refsource_HP
http://security.gentoo.org/glsa/glsa-200911-02.xml	vendor-advisory, x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2009-1694.html	vendor-advisory, x_refsource_REDHAT
http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html	vendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/37231	third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=126566824131534&w=2	vendor-advisory, x_refsource_HP
http://securitytracker.com/id?1023132	vdb-entry, x_refsource_SECTRACK
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11834	vdb-entry, signature, x_refsource_OVAL
http://marc.info/?l=bugtraq&m=131593453929393&w=2	vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html	vendor-advisory, x_refsource_SUSE
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1	vendor-advisory, x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2009/3131	vdb-entry, x_refsource_VUPEN
http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html	vendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/37581	third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html	x_refsource_CONFIRM
http://java.sun.com/javase/6/webnotes/6u17.html	x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6786	vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/37841	third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8622	vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/37239	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/37386	third-party-advisory, x_refsource_SECUNIA

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:50.331Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBUX02503",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
          },
          {
            "name": "36881",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36881"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3970"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3969"
          },
          {
            "name": "HPSBMU02703",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
          },
          {
            "name": "GLSA-200911-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
          },
          {
            "name": "RHSA-2009:1694",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
          },
          {
            "name": "APPLE-SA-2009-12-03-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"
          },
          {
            "name": "37231",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37231"
          },
          {
            "name": "SSRT100019",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
          },
          {
            "name": "1023132",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023132"
          },
          {
            "name": "oval:org.mitre.oval:def:11834",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11834"
          },
          {
            "name": "SSRT100242",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
          },
          {
            "name": "SUSE-SA:2009:058",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
          },
          {
            "name": "270474",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1"
          },
          {
            "name": "ADV-2009-3131",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3131"
          },
          {
            "name": "APPLE-SA-2009-12-03-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"
          },
          {
            "name": "37581",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37581"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6786",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6786"
          },
          {
            "name": "37841",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37841"
          },
          {
            "name": "oval:org.mitre.oval:def:8622",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8622"
          },
          {
            "name": "37239",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37239"
          },
          {
            "name": "37386",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37386"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "HPSBUX02503",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
        },
        {
          "name": "36881",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36881"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3970"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3969"
        },
        {
          "name": "HPSBMU02703",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
        },
        {
          "name": "GLSA-200911-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
        },
        {
          "name": "RHSA-2009:1694",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
        },
        {
          "name": "APPLE-SA-2009-12-03-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"
        },
        {
          "name": "37231",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37231"
        },
        {
          "name": "SSRT100019",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
        },
        {
          "name": "1023132",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023132"
        },
        {
          "name": "oval:org.mitre.oval:def:11834",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11834"
        },
        {
          "name": "SSRT100242",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
        },
        {
          "name": "SUSE-SA:2009:058",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
        },
        {
          "name": "270474",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1"
        },
        {
          "name": "ADV-2009-3131",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3131"
        },
        {
          "name": "APPLE-SA-2009-12-03-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"
        },
        {
          "name": "37581",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37581"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6786",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6786"
        },
        {
          "name": "37841",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37841"
        },
        {
          "name": "oval:org.mitre.oval:def:8622",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8622"
        },
        {
          "name": "37239",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37239"
        },
        {
          "name": "37386",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37386"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3868",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBUX02503",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
            },
            {
              "name": "36881",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36881"
            },
            {
              "name": "http://support.apple.com/kb/HT3970",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3970"
            },
            {
              "name": "HPSBMU02799",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "http://support.apple.com/kb/HT3969",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3969"
            },
            {
              "name": "HPSBMU02703",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
            },
            {
              "name": "GLSA-200911-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
            },
            {
              "name": "RHSA-2009:1694",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
            },
            {
              "name": "APPLE-SA-2009-12-03-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"
            },
            {
              "name": "37231",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37231"
            },
            {
              "name": "SSRT100019",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
            },
            {
              "name": "1023132",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023132"
            },
            {
              "name": "oval:org.mitre.oval:def:11834",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11834"
            },
            {
              "name": "SSRT100242",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
            },
            {
              "name": "SUSE-SA:2009:058",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
            },
            {
              "name": "270474",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1"
            },
            {
              "name": "ADV-2009-3131",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3131"
            },
            {
              "name": "APPLE-SA-2009-12-03-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"
            },
            {
              "name": "37581",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37581"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
            },
            {
              "name": "http://java.sun.com/javase/6/webnotes/6u17.html",
              "refsource": "CONFIRM",
              "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6786",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6786"
            },
            {
              "name": "37841",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37841"
            },
            {
              "name": "oval:org.mitre.oval:def:8622",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8622"
            },
            {
              "name": "37239",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37239"
            },
            {
              "name": "37386",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37386"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3868",
    "datePublished": "2009-11-05T16:00:00",
    "dateReserved": "2009-11-05T00:00:00",
    "dateUpdated": "2024-08-07T06:45:50.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-1100

Vulnerability from cvelistv5

Published

2009-03-25 23:00

Modified

2024-08-07 04:57

Severity

Summary

Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) "limits on Font creation," aka CR 6522586, and (2) another unspecified vector, aka CR 6632886.

References

URL	Tags
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html	vendor-advisory, x_refsource_SUSE
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133	vendor-advisory, x_refsource_HP
http://secunia.com/advisories/35156	third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html	vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/35776	third-party-advisory, x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm	x_refsource_CONFIRM
http://secunia.com/advisories/37460	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34489	third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200911-02.xml	vendor-advisory, x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2009-1038.html	vendor-advisory, x_refsource_REDHAT
https://rhn.redhat.com/errata/RHSA-2009-1198.html	vendor-advisory, x_refsource_REDHAT
http://www.vmware.com/security/advisories/VMSA-2009-0016.html	x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6224	vdb-entry, signature, x_refsource_OVAL
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254608-1	vendor-advisory, x_refsource_SUNALERT
http://marc.info/?l=bugtraq&m=124344236532162&w=2	vendor-advisory, x_refsource_HP
http://www.redhat.com/support/errata/RHSA-2009-0394.html	vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/34495	third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1021917	vdb-entry, x_refsource_SECTRACK
http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-19-1	x_refsource_MISC
http://secunia.com/advisories/36185	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35255	third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/1426	vdb-entry, x_refsource_VUPEN
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html	vendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/archive/1/507985/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html	x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2009-0392.html	vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/35223	third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/34240	vdb-entry, x_refsource_BID
http://secunia.com/advisories/34496	third-party-advisory, x_refsource_SECUNIA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133	vendor-advisory, x_refsource_HP
http://www.ubuntu.com/usn/usn-748-1	vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/35416	third-party-advisory, x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm	x_refsource_CONFIRM
http://secunia.com/advisories/37386	third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html	vendor-advisory, x_refsource_SUSE
http://www.vupen.com/english/advisories/2009/3316	vdb-entry, x_refsource_VUPEN

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:57:17.691Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SA:2009:036",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
          },
          {
            "name": "SSRT090058",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
          },
          {
            "name": "35156",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35156"
          },
          {
            "name": "SUSE-SA:2009:029",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
          },
          {
            "name": "35776",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35776"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
          },
          {
            "name": "37460",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37460"
          },
          {
            "name": "34489",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34489"
          },
          {
            "name": "GLSA-200911-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
          },
          {
            "name": "RHSA-2009:1038",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
          },
          {
            "name": "RHSA-2009:1198",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6224",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6224"
          },
          {
            "name": "254608",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254608-1"
          },
          {
            "name": "HPSBUX02429",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
          },
          {
            "name": "RHSA-2009:0394",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
          },
          {
            "name": "34495",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34495"
          },
          {
            "name": "1021917",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021917"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-19-1"
          },
          {
            "name": "36185",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36185"
          },
          {
            "name": "35255",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35255"
          },
          {
            "name": "ADV-2009-1426",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1426"
          },
          {
            "name": "SUSE-SR:2009:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
          },
          {
            "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
          },
          {
            "name": "RHSA-2009:0392",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
          },
          {
            "name": "35223",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35223"
          },
          {
            "name": "34240",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34240"
          },
          {
            "name": "34496",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34496"
          },
          {
            "name": "HPSBMA02429",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
          },
          {
            "name": "USN-748-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-748-1"
          },
          {
            "name": "35416",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35416"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
          },
          {
            "name": "37386",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37386"
          },
          {
            "name": "SUSE-SA:2009:016",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
          },
          {
            "name": "ADV-2009-3316",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) \"limits on Font creation,\" aka CR 6522586, and (2) another unspecified vector, aka CR 6632886."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SA:2009:036",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
        },
        {
          "name": "SSRT090058",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
        },
        {
          "name": "35156",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35156"
        },
        {
          "name": "SUSE-SA:2009:029",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
        },
        {
          "name": "35776",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35776"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
        },
        {
          "name": "37460",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37460"
        },
        {
          "name": "34489",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34489"
        },
        {
          "name": "GLSA-200911-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
        },
        {
          "name": "RHSA-2009:1038",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
        },
        {
          "name": "RHSA-2009:1198",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6224",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6224"
        },
        {
          "name": "254608",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254608-1"
        },
        {
          "name": "HPSBUX02429",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
        },
        {
          "name": "RHSA-2009:0394",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
        },
        {
          "name": "34495",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34495"
        },
        {
          "name": "1021917",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021917"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-19-1"
        },
        {
          "name": "36185",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36185"
        },
        {
          "name": "35255",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35255"
        },
        {
          "name": "ADV-2009-1426",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1426"
        },
        {
          "name": "SUSE-SR:2009:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
        },
        {
          "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
        },
        {
          "name": "RHSA-2009:0392",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
        },
        {
          "name": "35223",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35223"
        },
        {
          "name": "34240",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34240"
        },
        {
          "name": "34496",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34496"
        },
        {
          "name": "HPSBMA02429",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
        },
        {
          "name": "USN-748-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-748-1"
        },
        {
          "name": "35416",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35416"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
        },
        {
          "name": "37386",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37386"
        },
        {
          "name": "SUSE-SA:2009:016",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
        },
        {
          "name": "ADV-2009-3316",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3316"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1100",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) \"limits on Font creation,\" aka CR 6522586, and (2) another unspecified vector, aka CR 6632886."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SA:2009:036",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
            },
            {
              "name": "SSRT090058",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "35156",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35156"
            },
            {
              "name": "SUSE-SA:2009:029",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
            },
            {
              "name": "35776",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35776"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
            },
            {
              "name": "37460",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37460"
            },
            {
              "name": "34489",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34489"
            },
            {
              "name": "GLSA-200911-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
            },
            {
              "name": "RHSA-2009:1038",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
            },
            {
              "name": "RHSA-2009:1198",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6224",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6224"
            },
            {
              "name": "254608",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254608-1"
            },
            {
              "name": "HPSBUX02429",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=124344236532162\u0026w=2"
            },
            {
              "name": "RHSA-2009:0394",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
            },
            {
              "name": "34495",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34495"
            },
            {
              "name": "1021917",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021917"
            },
            {
              "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-19-1",
              "refsource": "MISC",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-19-1"
            },
            {
              "name": "36185",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36185"
            },
            {
              "name": "35255",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35255"
            },
            {
              "name": "ADV-2009-1426",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1426"
            },
            {
              "name": "SUSE-SR:2009:011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
            },
            {
              "name": "RHSA-2009:0392",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
            },
            {
              "name": "35223",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35223"
            },
            {
              "name": "34240",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34240"
            },
            {
              "name": "34496",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34496"
            },
            {
              "name": "HPSBMA02429",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01745133"
            },
            {
              "name": "USN-748-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-748-1"
            },
            {
              "name": "35416",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35416"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
            },
            {
              "name": "37386",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37386"
            },
            {
              "name": "SUSE-SA:2009:016",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
            },
            {
              "name": "ADV-2009-3316",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1100",
    "datePublished": "2009-03-25T23:00:00",
    "dateReserved": "2009-03-25T00:00:00",
    "dateUpdated": "2024-08-07T04:57:17.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3877

Vulnerability from cvelistv5

Published

2009-11-05 16:00

Modified

2024-08-07 06:45

Severity

Summary

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.

References

URL	Tags
http://marc.info/?l=bugtraq&m=126566824131534&w=2	vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/36881	vdb-entry, x_refsource_BID
http://support.apple.com/kb/HT3970	x_refsource_CONFIRM
http://support.apple.com/kb/HT3969	x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7148	vdb-entry, signature, x_refsource_OVAL
http://marc.info/?l=bugtraq&m=131593453929393&w=2	vendor-advisory, x_refsource_HP
http://security.gentoo.org/glsa/glsa-200911-02.xml	vendor-advisory, x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2009-1694.html	vendor-advisory, x_refsource_REDHAT
http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html	vendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/37231	third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=126566824131534&w=2	vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=131593453929393&w=2	vendor-advisory, x_refsource_HP
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10469	vdb-entry, signature, x_refsource_OVAL
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html	vendor-advisory, x_refsource_SUSE
http://www.vupen.com/english/advisories/2009/3131	vdb-entry, x_refsource_VUPEN
http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html	vendor-advisory, x_refsource_APPLE
http://secunia.com/advisories/37581	third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html	x_refsource_CONFIRM
http://java.sun.com/javase/6/webnotes/6u17.html	x_refsource_CONFIRM
http://secunia.com/advisories/37841	third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1	vendor-advisory, x_refsource_SUNALERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12232	vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/37239	third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084	vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/37386	third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8330	vdb-entry, signature, x_refsource_OVAL

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:50.477Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBUX02503",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
          },
          {
            "name": "36881",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36881"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3970"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3969"
          },
          {
            "name": "oval:org.mitre.oval:def:7148",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7148"
          },
          {
            "name": "HPSBMU02703",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
          },
          {
            "name": "GLSA-200911-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
          },
          {
            "name": "RHSA-2009:1694",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
          },
          {
            "name": "APPLE-SA-2009-12-03-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"
          },
          {
            "name": "37231",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37231"
          },
          {
            "name": "SSRT100019",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
          },
          {
            "name": "SSRT100242",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:10469",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10469"
          },
          {
            "name": "SUSE-SA:2009:058",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
          },
          {
            "name": "ADV-2009-3131",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3131"
          },
          {
            "name": "APPLE-SA-2009-12-03-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"
          },
          {
            "name": "37581",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37581"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
          },
          {
            "name": "37841",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37841"
          },
          {
            "name": "270476",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1"
          },
          {
            "name": "oval:org.mitre.oval:def:12232",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12232"
          },
          {
            "name": "37239",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37239"
          },
          {
            "name": "MDVSA-2010:084",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
          },
          {
            "name": "37386",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37386"
          },
          {
            "name": "oval:org.mitre.oval:def:8330",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8330"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "HPSBUX02503",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
        },
        {
          "name": "36881",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36881"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3970"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3969"
        },
        {
          "name": "oval:org.mitre.oval:def:7148",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7148"
        },
        {
          "name": "HPSBMU02703",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
        },
        {
          "name": "GLSA-200911-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
        },
        {
          "name": "RHSA-2009:1694",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
        },
        {
          "name": "APPLE-SA-2009-12-03-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"
        },
        {
          "name": "37231",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37231"
        },
        {
          "name": "SSRT100019",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
        },
        {
          "name": "SSRT100242",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
        },
        {
          "name": "oval:org.mitre.oval:def:10469",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10469"
        },
        {
          "name": "SUSE-SA:2009:058",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
        },
        {
          "name": "ADV-2009-3131",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3131"
        },
        {
          "name": "APPLE-SA-2009-12-03-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"
        },
        {
          "name": "37581",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37581"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
        },
        {
          "name": "37841",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37841"
        },
        {
          "name": "270476",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1"
        },
        {
          "name": "oval:org.mitre.oval:def:12232",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12232"
        },
        {
          "name": "37239",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37239"
        },
        {
          "name": "MDVSA-2010:084",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
        },
        {
          "name": "37386",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37386"
        },
        {
          "name": "oval:org.mitre.oval:def:8330",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8330"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3877",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBUX02503",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
            },
            {
              "name": "36881",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36881"
            },
            {
              "name": "http://support.apple.com/kb/HT3970",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3970"
            },
            {
              "name": "http://support.apple.com/kb/HT3969",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3969"
            },
            {
              "name": "oval:org.mitre.oval:def:7148",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7148"
            },
            {
              "name": "HPSBMU02703",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
            },
            {
              "name": "GLSA-200911-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
            },
            {
              "name": "RHSA-2009:1694",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
            },
            {
              "name": "APPLE-SA-2009-12-03-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"
            },
            {
              "name": "37231",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37231"
            },
            {
              "name": "SSRT100019",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
            },
            {
              "name": "SSRT100242",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:10469",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10469"
            },
            {
              "name": "SUSE-SA:2009:058",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
            },
            {
              "name": "ADV-2009-3131",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3131"
            },
            {
              "name": "APPLE-SA-2009-12-03-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"
            },
            {
              "name": "37581",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37581"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
            },
            {
              "name": "http://java.sun.com/javase/6/webnotes/6u17.html",
              "refsource": "CONFIRM",
              "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
            },
            {
              "name": "37841",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37841"
            },
            {
              "name": "270476",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1"
            },
            {
              "name": "oval:org.mitre.oval:def:12232",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12232"
            },
            {
              "name": "37239",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37239"
            },
            {
              "name": "MDVSA-2010:084",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
            },
            {
              "name": "37386",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37386"
            },
            {
              "name": "oval:org.mitre.oval:def:8330",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8330"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3877",
    "datePublished": "2009-11-05T16:00:00",
    "dateReserved": "2009-11-05T00:00:00",
    "dateUpdated": "2024-08-07T06:45:50.477Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3872

Vulnerability from cvelistv5

Published

2009-11-05 16:00

Modified

2024-08-07 06:45

Severity

Summary

Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.

References

URL	Tags
http://marc.info/?l=bugtraq&m=126566824131534&w=2	vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/36881	vdb-entry, x_refsource_BID
http://support.apple.com/kb/HT3970	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
http://support.apple.com/kb/HT3969	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=131593453929393&w=2	vendor-advisory, x_refsource_HP
http://security.gentoo.org/glsa/glsa-200911-02.xml	vendor-advisory, x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2009-1694.html	vendor-advisory, x_refsource_REDHAT
http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html	vendor-advisory, x_refsource_APPLE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6963	vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/37231	third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=126566824131534&w=2	vendor-advisory, x_refsource_HP
http://securitytracker.com/id?1023132	vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=131593453929393&w=2	vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html	vendor-advisory, x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11715	vdb-entry, signature, x_refsource_OVAL
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1	vendor-advisory, x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2009/3131	vdb-entry, x_refsource_VUPEN
http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html	vendor-advisory, x_refsource_APPLE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8475	vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/37581	third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html	x_refsource_CONFIRM
http://java.sun.com/javase/6/webnotes/6u17.html	x_refsource_CONFIRM
http://secunia.com/advisories/37841	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/37239	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/37386	third-party-advisory, x_refsource_SECUNIA

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:50.402Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBUX02503",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
          },
          {
            "name": "36881",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36881"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3970"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3969"
          },
          {
            "name": "HPSBMU02703",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
          },
          {
            "name": "GLSA-200911-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
          },
          {
            "name": "RHSA-2009:1694",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
          },
          {
            "name": "APPLE-SA-2009-12-03-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6963",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6963"
          },
          {
            "name": "37231",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37231"
          },
          {
            "name": "SSRT100019",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
          },
          {
            "name": "1023132",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023132"
          },
          {
            "name": "SSRT100242",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
          },
          {
            "name": "SUSE-SA:2009:058",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11715",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11715"
          },
          {
            "name": "270474",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1"
          },
          {
            "name": "ADV-2009-3131",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3131"
          },
          {
            "name": "APPLE-SA-2009-12-03-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"
          },
          {
            "name": "oval:org.mitre.oval:def:8475",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8475"
          },
          {
            "name": "37581",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37581"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
          },
          {
            "name": "37841",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37841"
          },
          {
            "name": "37239",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37239"
          },
          {
            "name": "37386",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37386"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "HPSBUX02503",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
        },
        {
          "name": "36881",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36881"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3970"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3969"
        },
        {
          "name": "HPSBMU02703",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
        },
        {
          "name": "GLSA-200911-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
        },
        {
          "name": "RHSA-2009:1694",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
        },
        {
          "name": "APPLE-SA-2009-12-03-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6963",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6963"
        },
        {
          "name": "37231",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37231"
        },
        {
          "name": "SSRT100019",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
        },
        {
          "name": "1023132",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023132"
        },
        {
          "name": "SSRT100242",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
        },
        {
          "name": "SUSE-SA:2009:058",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
        },
        {
          "name": "oval:org.mitre.oval:def:11715",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11715"
        },
        {
          "name": "270474",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1"
        },
        {
          "name": "ADV-2009-3131",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3131"
        },
        {
          "name": "APPLE-SA-2009-12-03-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"
        },
        {
          "name": "oval:org.mitre.oval:def:8475",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8475"
        },
        {
          "name": "37581",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37581"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
        },
        {
          "name": "37841",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37841"
        },
        {
          "name": "37239",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37239"
        },
        {
          "name": "37386",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37386"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3872",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBUX02503",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
            },
            {
              "name": "36881",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36881"
            },
            {
              "name": "http://support.apple.com/kb/HT3970",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3970"
            },
            {
              "name": "HPSBMU02799",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "http://support.apple.com/kb/HT3969",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3969"
            },
            {
              "name": "HPSBMU02703",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
            },
            {
              "name": "GLSA-200911-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
            },
            {
              "name": "RHSA-2009:1694",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
            },
            {
              "name": "APPLE-SA-2009-12-03-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6963",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6963"
            },
            {
              "name": "37231",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37231"
            },
            {
              "name": "SSRT100019",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
            },
            {
              "name": "1023132",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023132"
            },
            {
              "name": "SSRT100242",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
            },
            {
              "name": "SUSE-SA:2009:058",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
            },
            {
              "name": "oval:org.mitre.oval:def:11715",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11715"
            },
            {
              "name": "270474",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1"
            },
            {
              "name": "ADV-2009-3131",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3131"
            },
            {
              "name": "APPLE-SA-2009-12-03-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"
            },
            {
              "name": "oval:org.mitre.oval:def:8475",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8475"
            },
            {
              "name": "37581",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37581"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
            },
            {
              "name": "http://java.sun.com/javase/6/webnotes/6u17.html",
              "refsource": "CONFIRM",
              "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
            },
            {
              "name": "37841",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37841"
            },
            {
              "name": "37239",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37239"
            },
            {
              "name": "37386",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37386"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3872",
    "datePublished": "2009-11-05T16:00:00",
    "dateReserved": "2009-11-05T00:00:00",
    "dateUpdated": "2024-08-07T06:45:50.402Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2625

Vulnerability from cvelistv5

Published

2009-08-06 15:00

Modified

2024-08-07 05:59

Severity

Summary

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

References

URL	Tags
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026	vendor-advisory, x_refsource_SLACKWARE
https://rhn.redhat.com/errata/RHSA-2009-1200.html	vendor-advisory, x_refsource_REDHAT
https://rhn.redhat.com/errata/RHSA-2009-1199.html	vendor-advisory, x_refsource_REDHAT
http://www.networkworld.com/columnists/2009/080509-xml-flaw.html	x_refsource_MISC
http://www.ubuntu.com/usn/USN-890-1	vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/36162	third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/2543	vdb-entry, x_refsource_VUPEN
http://www.debian.org/security/2010/dsa-1984	vendor-advisory, x_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2009/10/22/9	mailing-list, x_refsource_MLIST
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1	vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/37460	third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2009-1615.html	vendor-advisory, x_refsource_REDHAT
http://www.vmware.com/security/advisories/VMSA-2009-0016.html	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=125787273209737&w=2	vendor-advisory, x_refsource_HP
http://secunia.com/advisories/37754	third-party-advisory, x_refsource_SECUNIA
https://rhn.redhat.com/errata/RHSA-2009-1637.html	vendor-advisory, x_refsource_REDHAT
http://www.cert.fi/en/reports/2009/vulnerability2009085.html	x_refsource_MISC
http://www.codenomicon.com/labs/xml/	x_refsource_MISC
http://secunia.com/advisories/36199	third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2012-1537.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html	vendor-advisory, x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209	vendor-advisory, x_refsource_MANDRIVA
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html	vendor-advisory, x_refsource_FEDORA
http://www.redhat.com/support/errata/RHSA-2011-0858.html	vendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=125787273209737&w=2	vendor-advisory, x_refsource_HP
http://www.securitytracker.com/id?1022680	vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/37671	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/38342	third-party-advisory, x_refsource_SECUNIA
https://rhn.redhat.com/errata/RHSA-2009-1636.html	vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/35958	vdb-entry, x_refsource_BID
http://www.securityfocus.com/archive/1/507985/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
https://rhn.redhat.com/errata/RHSA-2009-1649.html	vendor-advisory, x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2009/10/26/3	mailing-list, x_refsource_MLIST
http://www.us-cert.gov/cas/techalerts/TA09-294A.html	third-party-advisory, x_refsource_CERT
http://secunia.com/advisories/50549	third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520	vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/36180	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/38231	third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1	vendor-advisory, x_refsource_SUNALERT
http://www.mandriva.com/security/advisories?name=MDVSA-2011:108	vendor-advisory, x_refsource_MANDRIVA
http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html	x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html	x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1	x_refsource_CONFIRM
http://secunia.com/advisories/36176	third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html	vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/43300	third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356	vdb-entry, signature, x_refsource_OVAL
http://www.us-cert.gov/cas/techalerts/TA10-012A.html	third-party-advisory, x_refsource_CERT
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2012-1232.html	vendor-advisory, x_refsource_REDHAT
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1	vendor-advisory, x_refsource_SUNALERT
http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h	x_refsource_CONFIRM
http://secunia.com/advisories/37300	third-party-advisory, x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html	vendor-advisory, x_refsource_APPLE
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html	vendor-advisory, x_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=512921	x_refsource_CONFIRM
https://rhn.redhat.com/errata/RHSA-2009-1201.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html	vendor-advisory, x_refsource_SUSE
http://www.openwall.com/lists/oss-security/2009/09/06/1	mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2009/10/23/6	mailing-list, x_refsource_MLIST
http://www.vupen.com/english/advisories/2011/0359	vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/3316	vdb-entry, x_refsource_VUPEN
https://rhn.redhat.com/errata/RHSA-2009-1650.html	vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:59:56.314Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSA:2011-041-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.486026"
          },
          {
            "name": "RHSA-2009:1200",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html"
          },
          {
            "name": "RHSA-2009:1199",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1199.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"
          },
          {
            "name": "USN-890-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-890-1"
          },
          {
            "name": "36162",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36162"
          },
          {
            "name": "ADV-2009-2543",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2543"
          },
          {
            "name": "DSA-1984",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-1984"
          },
          {
            "name": "[oss-security] 20091022 Re: Regarding expat bug 1990430",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/10/22/9"
          },
          {
            "name": "1021506",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1"
          },
          {
            "name": "37460",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37460"
          },
          {
            "name": "RHSA-2009:1615",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1615.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "name": "HPSBUX02476",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125787273209737\u0026w=2"
          },
          {
            "name": "37754",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37754"
          },
          {
            "name": "RHSA-2009:1637",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.codenomicon.com/labs/xml/"
          },
          {
            "name": "36199",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36199"
          },
          {
            "name": "RHSA-2012:1537",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1537.html"
          },
          {
            "name": "SUSE-SR:2010:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
          },
          {
            "name": "MDVSA-2009:209",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"
          },
          {
            "name": "FEDORA-2009-8329",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"
          },
          {
            "name": "RHSA-2011:0858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0858.html"
          },
          {
            "name": "SSRT090250",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125787273209737\u0026w=2"
          },
          {
            "name": "1022680",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022680"
          },
          {
            "name": "37671",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37671"
          },
          {
            "name": "38342",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38342"
          },
          {
            "name": "RHSA-2009:1636",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"
          },
          {
            "name": "35958",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35958"
          },
          {
            "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "name": "RHSA-2009:1649",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"
          },
          {
            "name": "[oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/10/26/3"
          },
          {
            "name": "TA09-294A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
          },
          {
            "name": "50549",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50549"
          },
          {
            "name": "oval:org.mitre.oval:def:8520",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520"
          },
          {
            "name": "36180",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36180"
          },
          {
            "name": "38231",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38231"
          },
          {
            "name": "272209",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1"
          },
          {
            "name": "MDVSA-2011:108",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:108"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"
          },
          {
            "name": "36176",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36176"
          },
          {
            "name": "FEDORA-2009-8337",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"
          },
          {
            "name": "43300",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43300"
          },
          {
            "name": "oval:org.mitre.oval:def:9356",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356"
          },
          {
            "name": "TA10-012A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"
          },
          {
            "name": "SUSE-SR:2009:016",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
          },
          {
            "name": "RHSA-2012:1232",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html"
          },
          {
            "name": "263489",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055\u0026r2=787352\u0026pathrev=787353\u0026diff_format=h"
          },
          {
            "name": "37300",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37300"
          },
          {
            "name": "APPLE-SA-2009-09-03-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"
          },
          {
            "name": "SUSE-SA:2009:053",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512921"
          },
          {
            "name": "RHSA-2009:1201",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html"
          },
          {
            "name": "SUSE-SR:2009:017",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
          },
          {
            "name": "[oss-security] 20090906 Re: Re: expat bug 1990430",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/09/06/1"
          },
          {
            "name": "[oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/10/23/6"
          },
          {
            "name": "ADV-2011-0359",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0359"
          },
          {
            "name": "ADV-2009-3316",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          },
          {
            "name": "RHSA-2009:1650",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"
          },
          {
            "name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-20T16:06:10",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "SSA:2011-041-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.486026"
        },
        {
          "name": "RHSA-2009:1200",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html"
        },
        {
          "name": "RHSA-2009:1199",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-1199.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"
        },
        {
          "name": "USN-890-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-890-1"
        },
        {
          "name": "36162",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36162"
        },
        {
          "name": "ADV-2009-2543",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2543"
        },
        {
          "name": "DSA-1984",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-1984"
        },
        {
          "name": "[oss-security] 20091022 Re: Regarding expat bug 1990430",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/10/22/9"
        },
        {
          "name": "1021506",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1"
        },
        {
          "name": "37460",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37460"
        },
        {
          "name": "RHSA-2009:1615",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1615.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
        },
        {
          "name": "HPSBUX02476",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125787273209737\u0026w=2"
        },
        {
          "name": "37754",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37754"
        },
        {
          "name": "RHSA-2009:1637",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.codenomicon.com/labs/xml/"
        },
        {
          "name": "36199",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36199"
        },
        {
          "name": "RHSA-2012:1537",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1537.html"
        },
        {
          "name": "SUSE-SR:2010:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
        },
        {
          "name": "MDVSA-2009:209",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"
        },
        {
          "name": "FEDORA-2009-8329",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"
        },
        {
          "name": "RHSA-2011:0858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0858.html"
        },
        {
          "name": "SSRT090250",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125787273209737\u0026w=2"
        },
        {
          "name": "1022680",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022680"
        },
        {
          "name": "37671",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37671"
        },
        {
          "name": "38342",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38342"
        },
        {
          "name": "RHSA-2009:1636",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"
        },
        {
          "name": "35958",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35958"
        },
        {
          "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
        },
        {
          "name": "RHSA-2009:1649",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"
        },
        {
          "name": "[oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/10/26/3"
        },
        {
          "name": "TA09-294A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
        },
        {
          "name": "50549",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50549"
        },
        {
          "name": "oval:org.mitre.oval:def:8520",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520"
        },
        {
          "name": "36180",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36180"
        },
        {
          "name": "38231",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38231"
        },
        {
          "name": "272209",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1"
        },
        {
          "name": "MDVSA-2011:108",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:108"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"
        },
        {
          "name": "36176",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36176"
        },
        {
          "name": "FEDORA-2009-8337",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"
        },
        {
          "name": "43300",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43300"
        },
        {
          "name": "oval:org.mitre.oval:def:9356",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356"
        },
        {
          "name": "TA10-012A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"
        },
        {
          "name": "SUSE-SR:2009:016",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
        },
        {
          "name": "RHSA-2012:1232",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html"
        },
        {
          "name": "263489",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055\u0026r2=787352\u0026pathrev=787353\u0026diff_format=h"
        },
        {
          "name": "37300",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37300"
        },
        {
          "name": "APPLE-SA-2009-09-03-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"
        },
        {
          "name": "SUSE-SA:2009:053",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512921"
        },
        {
          "name": "RHSA-2009:1201",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html"
        },
        {
          "name": "SUSE-SR:2009:017",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
        },
        {
          "name": "[oss-security] 20090906 Re: Re: expat bug 1990430",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/09/06/1"
        },
        {
          "name": "[oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/10/23/6"
        },
        {
          "name": "ADV-2011-0359",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0359"
        },
        {
          "name": "ADV-2009-3316",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3316"
        },
        {
          "name": "RHSA-2009:1650",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"
        },
        {
          "name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2009-2625",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SSA:2011-041-02",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.486026"
            },
            {
              "name": "RHSA-2009:1200",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html"
            },
            {
              "name": "RHSA-2009:1199",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1199.html"
            },
            {
              "name": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html",
              "refsource": "MISC",
              "url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"
            },
            {
              "name": "USN-890-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-890-1"
            },
            {
              "name": "36162",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36162"
            },
            {
              "name": "ADV-2009-2543",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2543"
            },
            {
              "name": "DSA-1984",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2010/dsa-1984"
            },
            {
              "name": "[oss-security] 20091022 Re: Regarding expat bug 1990430",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/10/22/9"
            },
            {
              "name": "1021506",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021506.1-1"
            },
            {
              "name": "37460",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37460"
            },
            {
              "name": "RHSA-2009:1615",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1615.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "HPSBUX02476",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=125787273209737\u0026w=2"
            },
            {
              "name": "37754",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37754"
            },
            {
              "name": "RHSA-2009:1637",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"
            },
            {
              "name": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html",
              "refsource": "MISC",
              "url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"
            },
            {
              "name": "http://www.codenomicon.com/labs/xml/",
              "refsource": "MISC",
              "url": "http://www.codenomicon.com/labs/xml/"
            },
            {
              "name": "36199",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36199"
            },
            {
              "name": "RHSA-2012:1537",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1537.html"
            },
            {
              "name": "SUSE-SR:2010:013",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
            },
            {
              "name": "MDVSA-2009:209",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"
            },
            {
              "name": "FEDORA-2009-8329",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"
            },
            {
              "name": "RHSA-2011:0858",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0858.html"
            },
            {
              "name": "SSRT090250",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=125787273209737\u0026w=2"
            },
            {
              "name": "1022680",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022680"
            },
            {
              "name": "37671",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37671"
            },
            {
              "name": "38342",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38342"
            },
            {
              "name": "RHSA-2009:1636",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"
            },
            {
              "name": "35958",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35958"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "RHSA-2009:1649",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"
            },
            {
              "name": "[oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/10/26/3"
            },
            {
              "name": "TA09-294A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
            },
            {
              "name": "50549",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50549"
            },
            {
              "name": "oval:org.mitre.oval:def:8520",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8520"
            },
            {
              "name": "36180",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36180"
            },
            {
              "name": "38231",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38231"
            },
            {
              "name": "272209",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-272209-1"
            },
            {
              "name": "MDVSA-2011:108",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:108"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
            },
            {
              "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1",
              "refsource": "CONFIRM",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"
            },
            {
              "name": "36176",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36176"
            },
            {
              "name": "FEDORA-2009-8337",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"
            },
            {
              "name": "43300",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43300"
            },
            {
              "name": "oval:org.mitre.oval:def:9356",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9356"
            },
            {
              "name": "TA10-012A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-012A.html"
            },
            {
              "name": "SUSE-SR:2009:016",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
            },
            {
              "name": "RHSA-2012:1232",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html"
            },
            {
              "name": "263489",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263489-1"
            },
            {
              "name": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055\u0026r2=787352\u0026pathrev=787353\u0026diff_format=h",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055\u0026r2=787352\u0026pathrev=787353\u0026diff_format=h"
            },
            {
              "name": "37300",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37300"
            },
            {
              "name": "APPLE-SA-2009-09-03-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"
            },
            {
              "name": "SUSE-SA:2009:053",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=512921",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512921"
            },
            {
              "name": "RHSA-2009:1201",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html"
            },
            {
              "name": "SUSE-SR:2009:017",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
            },
            {
              "name": "[oss-security] 20090906 Re: Re: expat bug 1990430",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/09/06/1"
            },
            {
              "name": "[oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/10/23/6"
            },
            {
              "name": "ADV-2011-0359",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0359"
            },
            {
              "name": "ADV-2009-3316",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            },
            {
              "name": "RHSA-2009:1650",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"
            },
            {
              "name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2009-2625",
    "datePublished": "2009-08-06T15:00:00",
    "dateReserved": "2009-07-28T00:00:00",
    "dateUpdated": "2024-08-07T05:59:56.314Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3876

Vulnerability from cvelistv5

Published

2009-11-05 16:00

Modified

2024-08-07 06:45

Severity

Summary

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.

References

URL	Tags
http://marc.info/?l=bugtraq&m=126566824131534&w=2	vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/36881	vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8608	vdb-entry, signature, x_refsource_OVAL
http://marc.info/?l=bugtraq&m=131593453929393&w=2	vendor-advisory, x_refsource_HP
http://security.gentoo.org/glsa/glsa-200911-02.xml	vendor-advisory, x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2009-1694.html	vendor-advisory, x_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10328	vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/37231	third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=126566824131534&w=2	vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=131593453929393&w=2	vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html	vendor-advisory, x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6805	vdb-entry, signature, x_refsource_OVAL
http://www.vupen.com/english/advisories/2009/3131	vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11934	vdb-entry, signature, x_refsource_OVAL
http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html	x_refsource_CONFIRM
http://java.sun.com/javase/6/webnotes/6u17.html	x_refsource_CONFIRM
http://secunia.com/advisories/37841	third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1	vendor-advisory, x_refsource_SUNALERT
http://secunia.com/advisories/37239	third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084	vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/37386	third-party-advisory, x_refsource_SECUNIA

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:50.388Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBUX02503",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
          },
          {
            "name": "36881",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36881"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:8608",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8608"
          },
          {
            "name": "HPSBMU02703",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
          },
          {
            "name": "GLSA-200911-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
          },
          {
            "name": "RHSA-2009:1694",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10328",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10328"
          },
          {
            "name": "37231",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37231"
          },
          {
            "name": "SSRT100019",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
          },
          {
            "name": "SSRT100242",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
          },
          {
            "name": "SUSE-SA:2009:058",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6805",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6805"
          },
          {
            "name": "ADV-2009-3131",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3131"
          },
          {
            "name": "oval:org.mitre.oval:def:11934",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11934"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
          },
          {
            "name": "37841",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37841"
          },
          {
            "name": "270476",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1"
          },
          {
            "name": "37239",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37239"
          },
          {
            "name": "MDVSA-2010:084",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
          },
          {
            "name": "37386",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37386"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "HPSBUX02503",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
        },
        {
          "name": "36881",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36881"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "name": "oval:org.mitre.oval:def:8608",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8608"
        },
        {
          "name": "HPSBMU02703",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
        },
        {
          "name": "GLSA-200911-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
        },
        {
          "name": "RHSA-2009:1694",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10328",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10328"
        },
        {
          "name": "37231",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37231"
        },
        {
          "name": "SSRT100019",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
        },
        {
          "name": "SSRT100242",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
        },
        {
          "name": "SUSE-SA:2009:058",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6805",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6805"
        },
        {
          "name": "ADV-2009-3131",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3131"
        },
        {
          "name": "oval:org.mitre.oval:def:11934",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11934"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
        },
        {
          "name": "37841",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37841"
        },
        {
          "name": "270476",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1"
        },
        {
          "name": "37239",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37239"
        },
        {
          "name": "MDVSA-2010:084",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
        },
        {
          "name": "37386",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37386"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3876",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBUX02503",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
            },
            {
              "name": "36881",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36881"
            },
            {
              "name": "HPSBMU02799",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:8608",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8608"
            },
            {
              "name": "HPSBMU02703",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
            },
            {
              "name": "GLSA-200911-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
            },
            {
              "name": "RHSA-2009:1694",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10328",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10328"
            },
            {
              "name": "37231",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37231"
            },
            {
              "name": "SSRT100019",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
            },
            {
              "name": "SSRT100242",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
            },
            {
              "name": "SUSE-SA:2009:058",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6805",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6805"
            },
            {
              "name": "ADV-2009-3131",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3131"
            },
            {
              "name": "oval:org.mitre.oval:def:11934",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11934"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
            },
            {
              "name": "http://java.sun.com/javase/6/webnotes/6u17.html",
              "refsource": "CONFIRM",
              "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
            },
            {
              "name": "37841",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37841"
            },
            {
              "name": "270476",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1"
            },
            {
              "name": "37239",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37239"
            },
            {
              "name": "MDVSA-2010:084",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
            },
            {
              "name": "37386",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37386"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3876",
    "datePublished": "2009-11-05T16:00:00",
    "dateReserved": "2009-11-05T00:00:00",
    "dateUpdated": "2024-08-07T06:45:50.388Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3873

Vulnerability from cvelistv5

Published

2009-11-05 16:00

Modified

2024-08-07 06:45

Severity

Summary

The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.

References

URL	Tags
http://marc.info/?l=bugtraq&m=126566824131534&w=2	vendor-advisory, x_refsource_HP
http://www.securityfocus.com/bid/36881	vdb-entry, x_refsource_BID
http://support.apple.com/kb/HT3970	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=134254866602253&w=2	vendor-advisory, x_refsource_HP
http://support.apple.com/kb/HT3969	x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9602	vdb-entry, signature, x_refsource_OVAL
http://marc.info/?l=bugtraq&m=131593453929393&w=2	vendor-advisory, x_refsource_HP
http://security.gentoo.org/glsa/glsa-200911-02.xml	vendor-advisory, x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2009-1694.html	vendor-advisory, x_refsource_REDHAT
http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html	vendor-advisory, x_refsource_APPLE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8396	vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/37231	third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=126566824131534&w=2	vendor-advisory, x_refsource_HP
http://securitytracker.com/id?1023132	vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=131593453929393&w=2	vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html	vendor-advisory, x_refsource_SUSE
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1	vendor-advisory, x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2009/3131	vdb-entry, x_refsource_VUPEN
http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html	vendor-advisory, x_refsource_APPLE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6970	vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/37581	third-party-advisory, x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html	x_refsource_CONFIRM
http://java.sun.com/javase/6/webnotes/6u17.html	x_refsource_CONFIRM
http://secunia.com/advisories/37841	third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11746	vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/37239	third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084	vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/37386	third-party-advisory, x_refsource_SECUNIA

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:50.492Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBUX02503",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
          },
          {
            "name": "36881",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36881"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3970"
          },
          {
            "name": "HPSBMU02799",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3969"
          },
          {
            "name": "oval:org.mitre.oval:def:9602",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9602"
          },
          {
            "name": "HPSBMU02703",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
          },
          {
            "name": "GLSA-200911-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
          },
          {
            "name": "RHSA-2009:1694",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
          },
          {
            "name": "APPLE-SA-2009-12-03-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"
          },
          {
            "name": "oval:org.mitre.oval:def:8396",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8396"
          },
          {
            "name": "37231",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37231"
          },
          {
            "name": "SSRT100019",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
          },
          {
            "name": "1023132",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023132"
          },
          {
            "name": "SSRT100242",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
          },
          {
            "name": "SUSE-SA:2009:058",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
          },
          {
            "name": "270474",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1"
          },
          {
            "name": "ADV-2009-3131",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3131"
          },
          {
            "name": "APPLE-SA-2009-12-03-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6970",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6970"
          },
          {
            "name": "37581",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37581"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
          },
          {
            "name": "37841",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37841"
          },
          {
            "name": "oval:org.mitre.oval:def:11746",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11746"
          },
          {
            "name": "37239",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37239"
          },
          {
            "name": "MDVSA-2010:084",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
          },
          {
            "name": "37386",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37386"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a \"quantization problem,\" aka Bug Id 6862968."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "HPSBUX02503",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
        },
        {
          "name": "36881",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36881"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3970"
        },
        {
          "name": "HPSBMU02799",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3969"
        },
        {
          "name": "oval:org.mitre.oval:def:9602",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9602"
        },
        {
          "name": "HPSBMU02703",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
        },
        {
          "name": "GLSA-200911-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
        },
        {
          "name": "RHSA-2009:1694",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
        },
        {
          "name": "APPLE-SA-2009-12-03-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"
        },
        {
          "name": "oval:org.mitre.oval:def:8396",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8396"
        },
        {
          "name": "37231",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37231"
        },
        {
          "name": "SSRT100019",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
        },
        {
          "name": "1023132",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023132"
        },
        {
          "name": "SSRT100242",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
        },
        {
          "name": "SUSE-SA:2009:058",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
        },
        {
          "name": "270474",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1"
        },
        {
          "name": "ADV-2009-3131",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3131"
        },
        {
          "name": "APPLE-SA-2009-12-03-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6970",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6970"
        },
        {
          "name": "37581",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37581"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
        },
        {
          "name": "37841",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37841"
        },
        {
          "name": "oval:org.mitre.oval:def:11746",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11746"
        },
        {
          "name": "37239",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37239"
        },
        {
          "name": "MDVSA-2010:084",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
        },
        {
          "name": "37386",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37386"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3873",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a \"quantization problem,\" aka Bug Id 6862968."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBUX02503",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
            },
            {
              "name": "36881",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36881"
            },
            {
              "name": "http://support.apple.com/kb/HT3970",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3970"
            },
            {
              "name": "HPSBMU02799",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
            },
            {
              "name": "http://support.apple.com/kb/HT3969",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3969"
            },
            {
              "name": "oval:org.mitre.oval:def:9602",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9602"
            },
            {
              "name": "HPSBMU02703",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
            },
            {
              "name": "GLSA-200911-02",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
            },
            {
              "name": "RHSA-2009:1694",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
            },
            {
              "name": "APPLE-SA-2009-12-03-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"
            },
            {
              "name": "oval:org.mitre.oval:def:8396",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8396"
            },
            {
              "name": "37231",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37231"
            },
            {
              "name": "SSRT100019",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126566824131534\u0026w=2"
            },
            {
              "name": "1023132",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023132"
            },
            {
              "name": "SSRT100242",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=131593453929393\u0026w=2"
            },
            {
              "name": "SUSE-SA:2009:058",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
            },
            {
              "name": "270474",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1"
            },
            {
              "name": "ADV-2009-3131",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3131"
            },
            {
              "name": "APPLE-SA-2009-12-03-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6970",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6970"
            },
            {
              "name": "37581",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37581"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html"
            },
            {
              "name": "http://java.sun.com/javase/6/webnotes/6u17.html",
              "refsource": "CONFIRM",
              "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
            },
            {
              "name": "37841",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37841"
            },
            {
              "name": "oval:org.mitre.oval:def:11746",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11746"
            },
            {
              "name": "37239",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37239"
            },
            {
              "name": "MDVSA-2010:084",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
            },
            {
              "name": "37386",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37386"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3873",
    "datePublished": "2009-11-05T16:00:00",
    "dateReserved": "2009-11-05T00:00:00",
    "dateUpdated": "2024-08-07T06:45:50.492Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

Vulnerability from csaf_redhat

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Tags