CVE-2009-1101

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak."

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html

http://marc.info/?l=bugtraq&m=124344236532162&w=2

http://secunia.com/advisories/34489

http://secunia.com/advisories/34496

http://secunia.com/advisories/34632

http://secunia.com/advisories/34675

http://secunia.com/advisories/35156

http://secunia.com/advisories/35223

http://secunia.com/advisories/35255

http://secunia.com/advisories/35776

http://secunia.com/advisories/36185

http://secunia.com/advisories/37386

http://secunia.com/advisories/37460

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-254609-1

http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm

http://www.debian.org/security/2009/dsa-1769

http://www.mandriva.com/security/advisories?name=MDVSA-2009:137

http://www.mandriva.com/security/advisories?name=MDVSA-2009:162

http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html

http://www.redhat.com/support/errata/RHSA-2009-0392.html

http://www.redhat.com/support/errata/RHSA-2009-1038.html

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securityfocus.com/bid/34240

http://www.securitytracker.com/id?1021918

http://www.ubuntu.com/usn/usn-748-1

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2009/1426

http://www.vupen.com/english/advisories/2009/3316

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10152

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6412

https://rhn.redhat.com/errata/RHSA-2009-0377.html

https://rhn.redhat.com/errata/RHSA-2009-1198.html

Details

Source: MITRE

Published: 2009-03-25

Updated: 2018-10-10

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

View all (33 total)

IDNameProductFamilySeverity
107418Solaris 10 (sparc) : 125137-75NessusSolaris Local Security Checks
critical
107417Solaris 10 (sparc) : 125137-71NessusSolaris Local Security Checks
critical
89736VMware ESX Java Runtime Environment (JRE) Multiple Vulnerabilities (VMSA-2010-0002) (remote check)NessusVMware ESX Local Security Checks
critical
89117VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)NessusMisc.
critical
89116VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0014) (remote check)NessusMisc.
critical
67831Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-0377)NessusOracle Linux Local Security Checks
critical
64829Sun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..) (Unix)NessusMisc.
critical
60555Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
45386VMSA-2010-0002 : VMware vCenter update release addresses multiple security issues in Java JRENessusVMware ESX Local Security Checks
critical
44029RHEL 4 / 5 : IBM Java Runtime in Satellite Server (RHSA-2010:0043)NessusRed Hat Local Security Checks
critical
43736CentOS 5 : java-1.6.0-openjdk (CESA-2009:0377)NessusCentOS Local Security Checks
critical
42870VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.NessusVMware ESX Local Security Checks
medium
42834GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
42179VMSA-2009-0014 : VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issuesNessusVMware ESX Local Security Checks
high
41407SuSE 11 Security Update : Sun JDK 6 (SAT Patch Number 699)NessusSuSE Local Security Checks
critical
41406SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1058)NessusSuSE Local Security Checks
critical
40747RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:1198)NessusRed Hat Local Security Checks
critical
40745RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:1038)NessusRed Hat Local Security Checks
critical
40742RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:0394)NessusRed Hat Local Security Checks
critical
40741RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:0392)NessusRed Hat Local Security Checks
critical
40242openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-705)NessusSuSE Local Security Checks
critical
40003openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-705)NessusSuSE Local Security Checks
critical
39766Mac OS X : Java for Mac OS X 10.4 Release 9NessusMacOS X Local Security Checks
high
39478Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:137)NessusMandriva Local Security Checks
critical
39435Mac OS X : Java for Mac OS X 10.5 Update 4NessusMacOS X Local Security Checks
high
36366Ubuntu 8.10 : openjdk-6 vulnerabilities (USN-748-1)NessusUbuntu Local Security Checks
critical
36142Debian DSA-1769-1 : openjdk-6 - several vulnerabilitiesNessusDebian Local Security Checks
critical
36111RHEL 5 : java-1.6.0-openjdk (RHSA-2009:0377)NessusRed Hat Local Security Checks
critical
36071openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-6128)NessusSuSE Local Security Checks
critical
36034Sun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..)NessusWindows
high
27021Solaris 9 (sparc) : 125137-97NessusSolaris Local Security Checks
critical
27009Solaris 8 (sparc) : 125137-97NessusSolaris Local Security Checks
critical
26985Solaris 10 (sparc) : 125137-97 (deprecated)NessusSolaris Local Security Checks
critical