CVE-2009-3864high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.
References
http://java.sun.com/javase/6/webnotes/6u17.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html
http://secunia.com/advisories/37231
http://secunia.com/advisories/37239
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269868-1
http://www.securityfocus.com/bid/36881
http://www.vupen.com/english/advisories/2009/3131
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6753
Details
Source: MITRE
Published: 2009-11-05
Updated: 2018-10-30
Type: NVD-CWE-Other
Risk Information
CVSS v2
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH
Vulnerable Software
Configuration 1
AND
OR
OR
cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update15:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update16:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.6.0:update9:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update9:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89736 | VMware ESX Java Runtime Environment (JRE) Multiple Vulnerabilities (VMSA-2010-0002) (remote check) | Nessus | VMware ESX Local Security Checks | critical |
| 64831 | Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ...) (Unix) | Nessus | Misc. | high |
| 45386 | VMSA-2010-0002 : VMware vCenter update release addresses multiple security issues in Java JRE | Nessus | VMware ESX Local Security Checks | critical |
| 42857 | SuSE 11 Security Update : Sun Java 1.6.0 (SAT Patch Number 1542) | Nessus | SuSE Local Security Checks | high |
| 42855 | openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541) | Nessus | SuSE Local Security Checks | high |
| 42853 | openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541) | Nessus | SuSE Local Security Checks | high |
| 42851 | openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541) | Nessus | SuSE Local Security Checks | high |
| 42460 | openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1529) | Nessus | SuSE Local Security Checks | high |
| 42457 | openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1529) | Nessus | SuSE Local Security Checks | high |
| 42373 | Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ..) | Nessus | Windows | high |