Executive Summary

Summary
Title Sun Alert 269868 The Java Update Mechanism on Non-English Versions Does Not Update the JRE When a New Version is Available
Informations
Name SUN-269868 First vendor Publication 2009-11-03
Vendor Sun Last vendor Modification 2009-11-03
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Java Platform, Standard Edition (Java SE)

The Java Runtime Environment (JRE) Java Update mechanism running on non-English versions of the Windows operating system does not update the JRE when a new version is available.

Sun acknowledges with thanks, Tomasz "Tometzky" Ostrowski for bringing this issue to our attention.

State: Resolved
First released: 03-Nov-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_269868_the_java

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6753
 
Oval ID: oval:org.mitre.oval:def:6753
Title: Sun Java Updates Availability Notification System Failure
Description: The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3864
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 40
Application 37
Os 1

OpenVAS Exploits

Date Description
2009-11-23 Name : Sun Java SE Multiple Vulnerabilities - Nov09 (Win)
File : nvt/secpod_sun_java_se_mult_vuln_nov09_win.nasl
2009-11-23 Name : SuSE Security Advisory SUSE-SA:2009:058 (java-1_6_0-sun)
File : nvt/suse_sa_2009_058.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
59718 Sun Java JDK / JRE on Windows Update Notification Weakness

Snort® IPS/IDS

Date Description
2014-01-10 Oracle Java runtime JPEGImageReader overflow attempt
RuleID : 20055 - Revision : 11 - Type : FILE-JAVA

Nessus® Vulnerability Scanner

Date Description
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0002_remote.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a runtime environment that is affected by multi...
File : sun_java_jre_269868_unix.nasl - Type : ACT_GATHER_INFO
2010-03-31 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0002.nasl - Type : ACT_GATHER_INFO
2009-11-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO
2009-11-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO
2009-11-19 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO
2009-11-19 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO
2009-11-11 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_5_0-sun-091109.nasl - Type : ACT_GATHER_INFO
2009-11-11 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_5_0-sun-091109.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote Windows host contains a runtime environment that is affected by mu...
File : sun_java_jre_269868.nasl - Type : ACT_GATHER_INFO