Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, do not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650.
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html
http://java.sun.com/javase/6/webnotes/6u17.html
http://secunia.com/advisories/37386
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
https://bugzilla.redhat.com/show_bug.cgi?id=530173
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11484
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6906
OR
cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update_21:*:*:*:*:*:* versions up to 1.5.0 (inclusive)
cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:* versions up to 1.6.0 (inclusive)
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
89736 | VMware ESX Java Runtime Environment (JRE) Multiple Vulnerabilities (VMSA-2010-0002) (remote check) | Nessus | VMware ESX Local Security Checks | critical |
67960 | Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-1584) | Nessus | Oracle Linux Local Security Checks | critical |
67075 | CentOS 5 : java-1.6.0-openjdk (CESA-2009:1584) | Nessus | CentOS Local Security Checks | critical |
64831 | Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ...) (Unix) | Nessus | Misc. | high |
60691 | Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
53539 | RHEL 4 : Sun Java Runtime in Satellite Server (RHSA-2009:1662) | Nessus | Red Hat Local Security Checks | critical |
46176 | Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2010:084) | Nessus | Mandriva Local Security Checks | high |
45386 | VMSA-2010-0002 : VMware vCenter update release addresses multiple security issues in Java JRE | Nessus | VMware ESX Local Security Checks | critical |
42926 | openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613) | Nessus | SuSE Local Security Checks | high |
42923 | openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613) | Nessus | SuSE Local Security Checks | high |
42921 | openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613) | Nessus | SuSE Local Security Checks | high |
42834 | GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
42828 | RHEL 5 : java-1.6.0-openjdk (RHSA-2009:1584) | Nessus | Red Hat Local Security Checks | critical |
42817 | Ubuntu 8.10 / 9.04 / 9.10 : openjdk-6 vulnerabilities (USN-859-1) | Nessus | Ubuntu Local Security Checks | critical |
42806 | Fedora 10 : java-1.6.0-openjdk-1.6.0.0-23.b16.fc10 (2009-11490) | Nessus | Fedora Local Security Checks | high |
42805 | Fedora 12 : java-1.6.0-openjdk-1.6.0.0-33.b16.fc12 (2009-11489) | Nessus | Fedora Local Security Checks | high |
42802 | Fedora 11 : java-1.6.0-openjdk-1.6.0.0-30.b16.fc11 (2009-11486) | Nessus | Fedora Local Security Checks | high |
42455 | RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:1571) | Nessus | Red Hat Local Security Checks | critical |
42431 | RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:1560) | Nessus | Red Hat Local Security Checks | critical |
42373 | Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ..) | Nessus | Windows | high |