This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summuary | |
|---|---|
| CPE Name | cpe:/a:sun:jdk:6:update_9 |
| Detail | |||
|---|---|---|---|
| Vendor | Sun | First view | 2008-12-04 |
| Product | Jdk | Last view | 2009-08-06 |
| Version | 6 | Type | Application |
| Edition | |||
| Language | |||
| Update | update_9 | ||
| CPE Product | cpe:/a:sun:jdk | ||
Activity : Yearly
Related : CVE
| Date | Alert | Access Vector | Access Complexity | Authentification | ||
|---|---|---|---|---|---|---|
| 5 | 2009-08-06 | CVE-2009-2625 | Network | Low | None Requ... | |
| 10 | 2009-08-05 | CVE-2009-2675 | Network | Low | None Requ... | |
| 7.5 | 2009-08-05 | CVE-2009-2674 | Network | Low | None Requ... | |
| 7.5 | 2009-08-05 | CVE-2009-2673 | Network | Low | None Requ... | |
| 7.5 | 2009-08-05 | CVE-2009-2672 | Network | Low | None Requ... | |
| Date | Alert | Access Vector | Access Complexity | Authentification | ||
|---|---|---|---|---|---|---|
| 5 | 2009-08-05 | CVE-2009-2671 | Network | Low | None Requ... | |
| 5 | 2009-08-05 | CVE-2009-2670 | Network | Low | None Requ... | |
| 6.4 | 2008-12-05 | CVE-2008-5360 | Network | Low | None Requ... | |
| 9.3 | 2008-12-05 | CVE-2008-5359 | Network | Medium | None Requ... | |
| 9.3 | 2008-12-05 | CVE-2008-5357 | Network | Medium | None Requ... | |
| 9.3 | 2008-12-05 | CVE-2008-5356 | Network | Medium | None Requ... | |
| 10 | 2008-12-05 | CVE-2008-5355 | Network | Low | None Requ... | |
| 9.3 | 2008-12-05 | CVE-2008-5354 | Network | Medium | None Requ... | |
| 10 | 2008-12-05 | CVE-2008-5353 | Network | Low | None Requ... | |
| 7.5 | 2008-12-05 | CVE-2008-5351 | Network | Low | None Requ... | |
| 5 | 2008-12-05 | CVE-2008-5350 | Network | Low | None Requ... | |
| 7.1 | 2008-12-05 | CVE-2008-5348 | Network | Medium | None Requ... | |
| 7.5 | 2008-12-05 | CVE-2008-5345 | Network | Low | None Requ... | |
| 7.5 | 2008-12-05 | CVE-2008-5344 | Network | Low | None Requ... | |
| 9 | 2008-12-05 | CVE-2008-5343 | Network | Low | None Requ... | |
| 5 | 2008-12-05 | CVE-2008-5342 | Network | Low | None Requ... | |
| 5 | 2008-12-05 | CVE-2008-5341 | Network | Low | None Requ... | |
| 10 | 2008-12-05 | CVE-2008-5340 | Network | Low | None Requ... | |
| 5 | 2008-12-05 | CVE-2008-5339 | Network | Low | None Requ... |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 47% (8) | CWE-264 | Permissions, Privileges, and Access Controls |
| 17% (3) | CWE-200 | Information Exposure |
| 17% (3) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 5% (1) | CWE-287 | Improper Authentication |
| 5% (1) | CWE-189 | Numeric Errors |
| % | id | Name |
|---|---|---|
| 5% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
Oval Markup Language : Definitions
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:5601 | Java Web Start Bugs Let Remote Users Read/Write Files, Execute Arbitrary Code... |
| oval:org.mitre.oval:def:6409 | Multiple Security Vulnerabilities in Java Web Start and Java Plug-in May Allo... |
| oval:org.mitre.oval:def:6627 | Sun Java Multiple Code Execution and Security Bypass Vulnerabilities |
| oval:org.mitre.oval:def:6529 | Java Runtime Environment (JRE) Buffer Overflow in Processing Image Files and ... |
| oval:org.mitre.oval:def:6359 | Unspecified vunerability in the BasicService for Java Web Start (JWS) and Jav... |
| id | Name |
|---|---|
| oval:org.mitre.oval:def:5924 | Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability |
| oval:org.mitre.oval:def:6249 | Sun Java Web Start and Java Plug-in applet class security bypass |
| oval:org.mitre.oval:def:6059 | Sun Java Runtime Environment (JRE) Lets Remote Users Access 'localhost' |
| oval:org.mitre.oval:def:6549 | Sun Java Runtime Environment and Java Development Kit Multiple Security Vulne... |
| oval:org.mitre.oval:def:6424 | Sun Java Runtime Environment Lets Remote Users View Directory Contents |
| oval:org.mitre.oval:def:6212 | Java Runtime Environment UTF-8 Decoding Bug May Let Users Bypass Access Restr... |
| oval:org.mitre.oval:def:6511 | Sun Java Runtime Environment 'Calendar.readObject' Bug Lets Remote Applets Ga... |
| oval:org.mitre.oval:def:6537 | Sun Java Runtime Environment JAR Main-Class manifest entry buffer overflow |
| oval:org.mitre.oval:def:5664 | Sun Java Runtime Environment Java Update Fails to Validate Digital Signatures |
| oval:org.mitre.oval:def:6494 | Sun Java Runtime Environment TrueType font buffer overflow |
| oval:org.mitre.oval:def:6505 | Sun Java Runtime Environment TrueType font integer overflow |
| oval:org.mitre.oval:def:5841 | Sun Java Runtime Environment image processing code buffer overflow |
| oval:org.mitre.oval:def:6596 | Sun Java Runtime Environment temporary files weak security |
| oval:org.mitre.oval:def:9356 | XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environme... |
| oval:org.mitre.oval:def:8520 | HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other... |
| oval:org.mitre.oval:def:8022 | HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other... |
| oval:org.mitre.oval:def:11326 | The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 befor... |
| oval:org.mitre.oval:def:8259 | HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other... |
| oval:org.mitre.oval:def:11115 | The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK a... |
| oval:org.mitre.oval:def:9359 | The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in J... |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 56984 | Apache Xerces2 Java Malformed XML Input DoS |
| 56788 | Sun Java JDK / JRE Audio System Unauthorized java.lang.System Properties Access |
| 56787 | Sun Java JDK / JRE WebStart (javaws.exe) JPEG Decompression Overflow |
| 56786 | Sun Java JDK / JRE Pack200 JAR File Decoding Inner Class Count Overflow |
| 56785 | Sun Java JDK / JRE Proxy Mechanism Implementation Arbitrary Host Connection |
| id | Description |
|---|---|
| 56784 | Sun Java JDK / JRE Proxy Mechanism Implementation Unauthorized Browser Cookie... |
| 56783 | Sun Java JDK / JRE SOCKS Proxy Implementation Applet Process Owner Disclosure |
| 50517 | Sun Java JDK / JRE TrueType Font Processing Integer Overflow |
| 50516 | Sun Java JDK / JRE TrueType Font Processing Heap Overflow |
| 50514 | Sun Java JDK / JRE Java Web Start BasicService Arbitrary File Access |
| 50513 | Sun Java JDK / JRE Applet Classloading Privilege Escalation |
| 50512 | Sun Java JDK / JRE Jave Web Start / Plug-in HTTP Session Hijacking |
| 50511 | Sun Java JDK / JRE Java Web Start SingleInstanceImpl Class SI_FILEDIR Propert... |
| 50510 | Sun Java JDK / JRE Java Web Start (JWS) JNLP File System Properties Override ... |
| 50509 | Sun Java JDK / JRE Java Web Start Application file: Protocol Arbitrary File A... |
| 50508 | Sun Java JRE LocalHost Network Access Restriction Bypass |
| 50505 | Sun Java JDK / JRE Kerberos Authentication Unspecified Remote DoS |
| 50503 | Sun Java JDK / JRE Untrusted Applet User Home Directory Content Listing |
| 50502 | Sun Java JDK / JRE UTF-8 Decoder Non-shortest Form Sequence Handling Weakness |
| 50500 | Sun Java JDK / JRE Deserializing Calendar Object Privilege Escalation |
| 50499 | Sun Java JDK / JRE Command Line Application Overflow |
| 50498 | Sun Java JDK / JRE Java Update Mechanism Digital Signature Verification Weakness |
| 50497 | Sun Java JDK / JRE Java Web Start Application JNLP File Handling Socket Restr... |
| 50496 | Sun Java JDK / JRE Java AWT Library ConvolveOp Operation Image Handling Overflow |
| 50495 | Sun Java JDK / JRE Environment Temporary File Name Prediction Weakness |
ExploitDB Exploits
| id | Description |
|---|---|
| 16302 | Signed Applet Social Engineering Code Exec |
| 16293 | Sun Java Calendar Deserialization Exploit |
| 9948 | Sun Java Runtime and Development Kit <= 6 update 10 Calendar Deserialization ... |
| 8753 | Mac OS X Java applet Remote Deserialization Remote PoC (updated) |
Metasploit Exploits
| id | Description |
|---|---|
| 2008-12-03 | Sun Java Calendar Deserialization Privilege Escalation |
