CVE-2009-3883 | Tenable®

Login

Tenable Community & Support

Tenable University

CVE-2009-3883

HIGH

Description

Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657138.

References

http://java.sun.com/j2se/1.5.0/ReleaseNotes.html

http://java.sun.com/javase/6/webnotes/6u17.html

http://secunia.com/advisories/37386

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2010:084

https://bugzilla.redhat.com/show_bug.cgi?id=530175

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10191

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6968

Details

Source: MITRE

Published: 2009-11-09

Updated: 2018-10-30

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update21:*:*:*:*:*:* versions up to 1.5.0 (inclusive)

cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update13:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update14:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update15:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update16:*:*:*:*:*:* versions up to 1.6.0 (inclusive)

cpe:2.3:a:sun:jre:1.6.0:update4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update8:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update9:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:update21:*:*:*:*:*:* versions up to 1.5.0 (inclusive)

cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update13:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update14:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update15:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:update16:*:*:*:*:*:* versions up to 1.6.0 (inclusive)

cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update7:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update8:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update9:*:*:*:*:*:*

Tenable Plugins

View all (18 total)

ID	Name	Product	Family	Severity
89736	VMware ESX Java Runtime Environment (JRE) Multiple Vulnerabilities (VMSA-2010-0002) (remote check)	Nessus	VMware ESX Local Security Checks	critical
67960	Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-1584)	Nessus	Oracle Linux Local Security Checks	critical
67075	CentOS 5 : java-1.6.0-openjdk (CESA-2009:1584)	Nessus	CentOS Local Security Checks	critical
60691	Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
53539	RHEL 4 : Sun Java Runtime in Satellite Server (RHSA-2009:1662)	Nessus	Red Hat Local Security Checks	critical
46176	Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2010:084)	Nessus	Mandriva Local Security Checks	high
45386	VMSA-2010-0002 : VMware vCenter update release addresses multiple security issues in Java JRE	Nessus	VMware ESX Local Security Checks	critical
42926	openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)	Nessus	SuSE Local Security Checks	high
42923	openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)	Nessus	SuSE Local Security Checks	high
42921	openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)	Nessus	SuSE Local Security Checks	high
42834	GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
42828	RHEL 5 : java-1.6.0-openjdk (RHSA-2009:1584)	Nessus	Red Hat Local Security Checks	critical
42817	Ubuntu 8.10 / 9.04 / 9.10 : openjdk-6 vulnerabilities (USN-859-1)	Nessus	Ubuntu Local Security Checks	critical
42806	Fedora 10 : java-1.6.0-openjdk-1.6.0.0-23.b16.fc10 (2009-11490)	Nessus	Fedora Local Security Checks	high
42805	Fedora 12 : java-1.6.0-openjdk-1.6.0.0-33.b16.fc12 (2009-11489)	Nessus	Fedora Local Security Checks	high
42802	Fedora 11 : java-1.6.0-openjdk-1.6.0.0-30.b16.fc11 (2009-11486)	Nessus	Fedora Local Security Checks	high
42455	RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:1571)	Nessus	Red Hat Local Security Checks	critical
42431	RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:1560)	Nessus	Red Hat Local Security Checks	critical