CVE-2009-3864

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.

References

http://java.sun.com/javase/6/webnotes/6u17.html

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html

http://secunia.com/advisories/37231

http://secunia.com/advisories/37239

http://sunsolve.sun.com/search/document.do?assetkey=1-66-269868-1

http://www.securityfocus.com/bid/36881

http://www.vupen.com/english/advisories/2009/3131

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6753

Details

Source: MITRE

Published: 2009-11-05

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

OR

cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update13:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update14:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update15:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update16:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update7:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update8:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update9:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update13:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update14:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update15:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update16:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update8:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update9:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*

Tenable Plugins

View all (10 total)

IDNameProductFamilySeverity
89736VMware ESX Java Runtime Environment (JRE) Multiple Vulnerabilities (VMSA-2010-0002) (remote check)NessusVMware ESX Local Security Checks
critical
64831Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ...) (Unix)NessusMisc.
high
45386VMSA-2010-0002 : VMware vCenter update release addresses multiple security issues in Java JRENessusVMware ESX Local Security Checks
critical
42857SuSE 11 Security Update : Sun Java 1.6.0 (SAT Patch Number 1542)NessusSuSE Local Security Checks
high
42855openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541)NessusSuSE Local Security Checks
high
42853openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541)NessusSuSE Local Security Checks
high
42851openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541)NessusSuSE Local Security Checks
high
42460openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1529)NessusSuSE Local Security Checks
high
42457openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1529)NessusSuSE Local Security Checks
high
42373Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ..)NessusWindows
high