5 - SUN-270475

Executive Summary

Summary
Title	Sun Alert 270475 A Security Vulnerability in the Java Runtime Environment With Verifying HMAC Digests may Allow Authentication to be Bypassed

Informations
Name	SUN-270475	First vendor Publication	2009-11-03
Vendor	Sun	Last vendor Modification	2010-01-21
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Java Platform, Standard Edition 6 (Java SE 6)

A security vulnerability in the Java Runtime Environment with verifyingHMAC digests may allow authentication to be bypassed. This could allow a user to forge a digital signature that would be accepted as valid.Applications that validate HMAC-based digital signatures may bevulnerable to this type of attack.

Note: This vulnerability cannotbe exploited by an untrusted applet or Java Web Start application.

Sun acknowledges, with thanks, Coda Hale for bringing this issue to ourattention.

State: Resolved

First released: 03-Nov-2009

Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-270475-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_270475_a_security

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-310	Cryptographic Issues

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11847

Oval ID:	oval:org.mitre.oval:def:11847
Title:	The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.
Description:	The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3875	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-1.7.b09.el5 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-1.7.b09.el5 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-1.7.b09.el5 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-1.7.b09.el5 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-1.7.b09.el5

Definition Id: oval:org.mitre.oval:def:12112

Oval ID:	oval:org.mitre.oval:def:12112
Title:	HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description:	The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3875	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02503 SSRT100019 rev.1 HP Release B.11.11 AND filesets tests Jdk15.JDK15-IPF32 version is less than 1.5.0.19.00 AND Jre15.JRE15-COM version is less than 1.5.0.19.00 AND Jdk15.JDK15-IPF64 version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20 version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20-HS version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20W version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20W-HS version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF32 version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF32-HS version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF64 version is less than 1.5.0.19.00 AND Jdk15.JDK15-PA20W version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF64-HS version is less than 1.5.0.19.00 AND Jdk15.JDK15-COM version is less than 1.5.0.19.00 AND Jdk15.JDK15-PA20 version is less than 1.5.0.19.00 OR Criteria meets HP Security Bulletin HPSBUX02503 SSRT100019 rev.1 platforms HP-UX B.11.31 AND HP Release B.11.11 AND HP Release B.11.23 AND filesets tests Jdk14.JDK14-IPF32 version is less than 1.4.2.24.00 AND Jre14.JRE14-COM version is less than 1.4.2.24.00 AND Jdk14.JDK14-IPF64 version is less than 1.4.2.24.00 AND Jre14.JRE14-PA11 version is less than 1.4.2.24.00 AND Jdk14.JDK14-PA11 version is less than 1.4.2.24.00 AND Jdk14.JDK14-PA20 version is less than 1.4.2.24.00 AND Jre14.JRE14-PA11-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20 version is less than 1.4.2.24.00 AND Jdk14.JDK14-PA20W version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20W version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20W-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF32 version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF64-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF32-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF64 version is less than 1.4.2.24.00 AND Jdk14.JDK14-COM version is less than 1.4.2.24.00 OR Criteria meets HP Security Bulletin HPSBUX02503 SSRT100019 rev.1 platforms HP Release B.11.11 AND HP Release B.11.23 AND HP-UX B.11.31 AND filesets tests Jdk60.JDK60-PA20 version is less than 1.6.0.06.00 AND Jre60.JRE60-COM version is less than 1.6.0.06.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.06.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.06.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.06.00 AND Jdk60.JDK60-COM version is less than 1.6.0.06.00

Definition Id: oval:org.mitre.oval:def:7549

Oval ID:	oval:org.mitre.oval:def:7549
Title:	OpenJDK MessageDigest.isEqual Introduces Timing Attack Vulnerabilities
Description:	The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3875	Version:	5
Platform(s):	VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
VMware ESX Server 4.0 is installed AND Patch ESX400-201005402-SG is not installed

Definition Id: oval:org.mitre.oval:def:7913

Oval ID:	oval:org.mitre.oval:def:7913
Title:	HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description:	The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3875	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
IF HP Release B.11.11 AND HP Release B.11.23 AND HP-UX B.11.31 AND filesets tests Jdk14.JDK14-IPF32 version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF32-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF64 version is less than 1.4.2.24.00 AND Jdk14.JDK14-IPF64 version is less than 1.4.2.24.00 AND Jdk14.JDK14-PA11 version is less than 1.4.2.24.00 AND Jre14.JRE14-COM version is less than 1.4.2.24.00 AND Jdk14.JDK14-PA20 version is less than 1.4.2.24.00 AND Jre14.JRE14-PA11 version is less than 1.4.2.24.00 AND Jdk14.JDK14-PA20W version is less than 1.4.2.24.00 AND Jre14.JRE14-PA11-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20 version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20W version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF64-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20W-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF32 version is less than 1.4.2.24.00 AND Jdk14.JDK14-COM version is less than 1.4.2.24.00 AND Jre15.JRE15-IPF64-HS version is less than 1.5.0.19.00 AND Jdk15.JDK15-IPF32 version is less than 1.5.0.19.00 AND Jdk15.JDK15-PA20 version is less than 1.5.0.19.00 AND Jdk15.JDK15-IPF64 version is less than 1.5.0.19.00 AND Jre15.JRE15-COM version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20 version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20-HS version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20W version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20W-HS version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF32 version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF32-HS version is less than 1.5.0.19.00 AND Jdk15.JDK15-PA20W version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF64 version is less than 1.5.0.19.00 AND Jdk15.JDK15-COM version is less than 1.5.0.19.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.06.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.06.00 AND Jdk60.JDK60-COM version is less than 1.6.0.06.00 AND Jre60.JRE60-COM version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.06.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.06.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.06.00

CPE : Common Platform Enumeration

Type	Description	Count
Application	Sun Jdk cpe:2.3:a:sun:jdk:1.6.0:update1:::::: cpe:2.3:a:sun:jdk:1.6.0:update2:::::: cpe:2.3:a:sun:jdk:1.6.0:update9:::::: cpe:2.3:a:sun:jdk:1.6.0:update10:::::: cpe:2.3:a:sun:jdk:1.6.0:update14:::::: cpe:2.3:a:sun:jdk:1.6.0:update6:::::: cpe:2.3:a:sun:jdk:1.6.0:update11:::::: cpe:2.3:a:sun:jdk:1.6.0:update3:::::: cpe:2.3:a:sun:jdk:1.6.0:update5:::::: cpe:2.3:a:sun:jdk:1.6.0:update13:::::: cpe:2.3:a:sun:jdk:1.6.0:update12:::::: cpe:2.3:a:sun:jdk:1.6.0:update4:::::: cpe:2.3:a:sun:jdk:1.6.0:update15:::::: cpe:2.3:a:sun:jdk:1.6.0:update7:::::: cpe:2.3:a:sun:jdk:1.6.0:update8:::::: cpe:2.3:a:sun:jdk:1.6.0:update16:::::: cpe:2.3:a:sun:jdk:1.5.0:update10:::::: cpe:2.3:a:sun:jdk:1.5.0:update5:::::: cpe:2.3:a:sun:jdk:1.5.0:update7:::::: cpe:2.3:a:sun:jdk:1.5.0:update6:::::: cpe:2.3:a:sun:jdk:1.5.0:update3:::::: cpe:2.3:a:sun:jdk:1.5.0:update16:::::: cpe:2.3:a:sun:jdk:1.5.0:update4:::::: cpe:2.3:a:sun:jdk:1.5.0:update17:::::: cpe:2.3:a:sun:jdk:1.5.0:update9:::::: cpe:2.3:a:sun:jdk:1.5.0:update19:::::: cpe:2.3:a:sun:jdk:1.5.0:update15:::::: cpe:2.3:a:sun:jdk:1.5.0:update21:::::: cpe:2.3:a:sun:jdk:1.5.0:update2:::::: cpe:2.3:a:sun:jdk:1.5.0:update12:::::: cpe:2.3:a:sun:jdk:1.5.0:update8:::::: cpe:2.3:a:sun:jdk:1.5.0:update18:::::: cpe:2.3:a:sun:jdk:1.5.0:update11:::::: cpe:2.3:a:sun:jdk:1.5.0:update20:::::: cpe:2.3:a:sun:jdk:1.5.0:update14:::::: cpe:2.3:a:sun:jdk:1.5.0:update13:::::: cpe:2.3:a:sun:jdk:1.5.0:update1:::::: cpe:2.3:a:sun:jdk:1.5.0:update11_b03:::::: cpe:2.3:a:sun:jdk:1.5.0:update7_b03::::::	39
Application	Sun Jre cpe:2.3:a:sun:jre:1.6.0:update_1:::::: cpe:2.3:a:sun:jre:1.6.0:update_3:::::: cpe:2.3:a:sun:jre:1.6.0:update_2:::::: cpe:2.3:a:sun:jre:1.6.0:update11:::::: cpe:2.3:a:sun:jre:1.6.0:update15:::::: cpe:2.3:a:sun:jre:1.6.0:update16:::::: cpe:2.3:a:sun:jre:1.6.0:update5:::::: cpe:2.3:a:sun:jre:1.6.0:update10:::::: cpe:2.3:a:sun:jre:1.6.0:update9:::::: cpe:2.3:a:sun:jre:1.6.0:update8:::::: cpe:2.3:a:sun:jre:1.6.0:update14:::::: cpe:2.3:a:sun:jre:1.6.0:update7:::::: cpe:2.3:a:sun:jre:1.6.0:update12:::::: cpe:2.3:a:sun:jre:1.6.0:update6:::::: cpe:2.3:a:sun:jre:1.6.0:update13:::::: cpe:2.3:a:sun:jre:1.6.0:update4:::::: cpe:2.3:a:sun:jre:1.5.0:update16:::::: cpe:2.3:a:sun:jre:1.5.0:update17:::::: cpe:2.3:a:sun:jre:1.5.0:update15:::::: cpe:2.3:a:sun:jre:1.5.0:update12:::::: cpe:2.3:a:sun:jre:1.5.0:update10:::::: cpe:2.3:a:sun:jre:1.5.0:update6:::::: cpe:2.3:a:sun:jre:1.5.0:update13:::::: cpe:2.3:a:sun:jre:1.5.0:update14:::::: cpe:2.3:a:sun:jre:1.5.0:update11:::::: cpe:2.3:a:sun:jre:1.5.0:update18:::::: cpe:2.3:a:sun:jre:1.5.0:update8:::::: cpe:2.3:a:sun:jre:1.5.0:update1:::::: cpe:2.3:a:sun:jre:1.5.0:update9:::::: cpe:2.3:a:sun:jre:1.5.0:update21:::::: cpe:2.3:a:sun:jre:1.5.0:update20:::::: cpe:2.3:a:sun:jre:1.5.0:update3:::::: cpe:2.3:a:sun:jre:1.5.0:update4:::::: cpe:2.3:a:sun:jre:1.5.0:update5:::::: cpe:2.3:a:sun:jre:1.5.0:update2:::::: cpe:2.3:a:sun:jre:1.5.0:update7:::::: cpe:2.3:a:sun:jre:1.5.0:update19:::::: cpe:2.3:a:sun:jre:1.4.2_9:::::::* cpe:2.3:a:sun:jre:1.4.2_8:::::::* cpe:2.3:a:sun:jre:1.4.2_7:::::::* cpe:2.3:a:sun:jre:1.4.2_6:::::::* cpe:2.3:a:sun:jre:1.4.2_5:::::::* cpe:2.3:a:sun:jre:1.4.2_4:::::::* cpe:2.3:a:sun:jre:1.4.2_3:::::::* cpe:2.3:a:sun:jre:1.4.2_23:::::::* cpe:2.3:a:sun:jre:1.4.2_22:::::::* cpe:2.3:a:sun:jre:1.4.2_21:::::::* cpe:2.3:a:sun:jre:1.4.2_20:::::::* cpe:2.3:a:sun:jre:1.4.2_2:::::::* cpe:2.3:a:sun:jre:1.4.2_19:::::::* cpe:2.3:a:sun:jre:1.4.2_18:::::::* cpe:2.3:a:sun:jre:1.4.2_17:::::::* cpe:2.3:a:sun:jre:1.4.2_16:::::::* cpe:2.3:a:sun:jre:1.4.2_15:::::::* cpe:2.3:a:sun:jre:1.4.2_14:::::::* cpe:2.3:a:sun:jre:1.4.2_13:::::::* cpe:2.3:a:sun:jre:1.4.2_12:::::::* cpe:2.3:a:sun:jre:1.4.2_11:::::::* cpe:2.3:a:sun:jre:1.4.2_10:::::::* cpe:2.3:a:sun:jre:1.4.2_1:::::::* cpe:2.3:a:sun:jre:1.4.2_09:::::::* cpe:2.3:a:sun:jre:1.4.2_08:::::::* cpe:2.3:a:sun:jre:1.4.2_07:::::::* cpe:2.3:a:sun:jre:1.4.2_06:::::::* cpe:2.3:a:sun:jre:1.4.2_05:::::::* cpe:2.3:a:sun:jre:1.4.2_04:::::::* cpe:2.3:a:sun:jre:1.4.2_03:::::::* cpe:2.3:a:sun:jre:1.4.2_02:::::::* cpe:2.3:a:sun:jre:1.3.1_9:::::::* cpe:2.3:a:sun:jre:1.3.1_8:::::::* cpe:2.3:a:sun:jre:1.3.1_7:::::::* cpe:2.3:a:sun:jre:1.3.1_6:::::::* cpe:2.3:a:sun:jre:1.3.1_5:::::::* cpe:2.3:a:sun:jre:1.3.1_4:::::::* cpe:2.3:a:sun:jre:1.3.1_3:::::::* cpe:2.3:a:sun:jre:1.3.1_25:::::::* cpe:2.3:a:sun:jre:1.3.1_24:::::::* cpe:2.3:a:sun:jre:1.3.1_23:::::::* cpe:2.3:a:sun:jre:1.3.1_22:::::::* cpe:2.3:a:sun:jre:1.3.1_21:::::::* cpe:2.3:a:sun:jre:1.3.1_20:::::::* cpe:2.3:a:sun:jre:1.3.1_2:::::::* cpe:2.3:a:sun:jre:1.3.1_19:::::::* cpe:2.3:a:sun:jre:1.3.1_18:::::::* cpe:2.3:a:sun:jre:1.3.1_17:::::::* cpe:2.3:a:sun:jre:1.3.1_16:::::::* cpe:2.3:a:sun:jre:1.3.1_15:::::::* cpe:2.3:a:sun:jre:1.3.1_14:::::::* cpe:2.3:a:sun:jre:1.3.1_13:::::::* cpe:2.3:a:sun:jre:1.3.1_12:::::::* cpe:2.3:a:sun:jre:1.3.1_11:::::::* cpe:2.3:a:sun:jre:1.3.1_10:::::::* cpe:2.3:a:sun:jre:1.3.1_1:::::::* cpe:2.3:a:sun:jre:1.3.1_09:::::::* cpe:2.3:a:sun:jre:1.3.1_08:::::::* cpe:2.3:a:sun:jre:1.3.1_07:::::::* cpe:2.3:a:sun:jre:1.3.1_06:::::::* cpe:2.3:a:sun:jre:1.3.1_05:::::::* cpe:2.3:a:sun:jre:1.3.1_04:::::::* cpe:2.3:a:sun:jre:1.3.1_03:::::::* cpe:2.3:a:sun:jre:1.3.1_02:::::::* cpe:2.3:a:sun:jre:1.3.1_01a:::::::* cpe:2.3:a:sun:jre:1.3.1_01:::::::*	103
Application	Sun Sdk cpe:2.3:a:sun:sdk:1.4.2_9:::::::* cpe:2.3:a:sun:sdk:1.4.2_8:::::::* cpe:2.3:a:sun:sdk:1.4.2_7:::::::* cpe:2.3:a:sun:sdk:1.4.2_6:::::::* cpe:2.3:a:sun:sdk:1.4.2_5:::::::* cpe:2.3:a:sun:sdk:1.4.2_4:::::::* cpe:2.3:a:sun:sdk:1.4.2_3:::::::* cpe:2.3:a:sun:sdk:1.4.2_23:::::::* cpe:2.3:a:sun:sdk:1.4.2_22:::::::* cpe:2.3:a:sun:sdk:1.4.2_21:::::::* cpe:2.3:a:sun:sdk:1.4.2_20:::::::* cpe:2.3:a:sun:sdk:1.4.2_2:::::::* cpe:2.3:a:sun:sdk:1.4.2_19:::::::* cpe:2.3:a:sun:sdk:1.4.2_18:::::::* cpe:2.3:a:sun:sdk:1.4.2_17:::::::* cpe:2.3:a:sun:sdk:1.4.2_16:::::::* cpe:2.3:a:sun:sdk:1.4.2_15:::::::* cpe:2.3:a:sun:sdk:1.4.2_14:::::::* cpe:2.3:a:sun:sdk:1.4.2_13:::::::* cpe:2.3:a:sun:sdk:1.4.2_12:::::::* cpe:2.3:a:sun:sdk:1.4.2_11:::::::* cpe:2.3:a:sun:sdk:1.4.2_10:::::::* cpe:2.3:a:sun:sdk:1.4.2_1:::::::* cpe:2.3:a:sun:sdk:1.4.2_09:::::::* cpe:2.3:a:sun:sdk:1.4.2_08:::::::* cpe:2.3:a:sun:sdk:1.4.2_07:::::::* cpe:2.3:a:sun:sdk:1.4.2_06:::::::* cpe:2.3:a:sun:sdk:1.4.2_05:::::::* cpe:2.3:a:sun:sdk:1.4.2_04:::::::* cpe:2.3:a:sun:sdk:1.4.2_03:::::::* cpe:2.3:a:sun:sdk:1.4.2_02:::::::* cpe:2.3:a:sun:sdk:1.4.2_01:::::::* cpe:2.3:a:sun:sdk:1.3.1_9:::::::* cpe:2.3:a:sun:sdk:1.3.1_8:::::::* cpe:2.3:a:sun:sdk:1.3.1_7:::::::* cpe:2.3:a:sun:sdk:1.3.1_6:::::::* cpe:2.3:a:sun:sdk:1.3.1_5:::::::* cpe:2.3:a:sun:sdk:1.3.1_4:::::::* cpe:2.3:a:sun:sdk:1.3.1_3:::::::* cpe:2.3:a:sun:sdk:1.3.1_25:::::::* cpe:2.3:a:sun:sdk:1.3.1_24:::::::* cpe:2.3:a:sun:sdk:1.3.1_23:::::::* cpe:2.3:a:sun:sdk:1.3.1_22:::::::* cpe:2.3:a:sun:sdk:1.3.1_21:::::::* cpe:2.3:a:sun:sdk:1.3.1_20:::::::* cpe:2.3:a:sun:sdk:1.3.1_2:::::::* cpe:2.3:a:sun:sdk:1.3.1_19:::::::* cpe:2.3:a:sun:sdk:1.3.1_18:::::::* cpe:2.3:a:sun:sdk:1.3.1_17:::::::* cpe:2.3:a:sun:sdk:1.3.1_16:::::::* cpe:2.3:a:sun:sdk:1.3.1_15:::::::* cpe:2.3:a:sun:sdk:1.3.1_14:::::::* cpe:2.3:a:sun:sdk:1.3.1_13:::::::* cpe:2.3:a:sun:sdk:1.3.1_12:::::::* cpe:2.3:a:sun:sdk:1.3.1_11:::::::* cpe:2.3:a:sun:sdk:1.3.1_10:::::::* cpe:2.3:a:sun:sdk:1.3.1_09:::::::* cpe:2.3:a:sun:sdk:1.3.1_08:::::::* cpe:2.3:a:sun:sdk:1.3.1_07:::::::* cpe:2.3:a:sun:sdk:1.3.1_06:::::::* cpe:2.3:a:sun:sdk:1.3.1_05:::::::* cpe:2.3:a:sun:sdk:1.3.1_04:::::::* cpe:2.3:a:sun:sdk:1.3.1_03:::::::* cpe:2.3:a:sun:sdk:1.3.1_02:::::::* cpe:2.3:a:sun:sdk:1.3.1_01a:::::::* cpe:2.3:a:sun:sdk:1.3.1_01:::::::*	66

OpenVAS Exploits

Date	Description
2011-08-09	Name : CentOS Update for java CESA-2009:1584 centos5 i386 File : nvt/gb_CESA-2009_1584_java_centos5_i386.nasl
2010-05-28	Name : Java for Mac OS X 10.6 Update 1 File : nvt/macosx_java_for_10_6_upd_1.nasl
2010-05-28	Name : Java for Mac OS X 10.5 Update 6 File : nvt/macosx_java_for_10_5_upd_6.nasl
2010-04-30	Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2010_084.nasl
2010-03-02	Name : Mandriva Update for x11-driver-video-ati MDVA-2010:084 (x11-driver-video-ati) File : nvt/gb_mandriva_MDVA_2010_084.nasl
2010-02-15	Name : HP-UX Update for Java HPSBUX02503 File : nvt/gb_hp_ux_HPSBUX02503.nasl
2009-12-30	Name : RedHat Security Advisory RHSA-2009:1694 File : nvt/RHSA_2009_1694.nasl
2009-12-14	Name : RedHat Security Advisory RHSA-2009:1643 File : nvt/RHSA_2009_1643.nasl
2009-12-14	Name : RedHat Security Advisory RHSA-2009:1647 File : nvt/RHSA_2009_1647.nasl
2009-11-23	Name : SuSE Security Advisory SUSE-SA:2009:058 (java-1_6_0-sun) File : nvt/suse_sa_2009_058.nasl
2009-11-23	Name : CentOS Security Advisory CESA-2009:1584 (java-1.6.0-openjdk) File : nvt/ovcesa2009_1584.nasl
2009-11-17	Name : Fedora Core 10 FEDORA-2009-11490 (java-1.6.0-openjdk) File : nvt/fcore_2009_11490.nasl
2009-11-17	Name : Fedora Core 12 FEDORA-2009-11489 (java-1.6.0-openjdk) File : nvt/fcore_2009_11489.nasl
2009-11-17	Name : Fedora Core 11 FEDORA-2009-11486 (java-1.6.0-openjdk) File : nvt/fcore_2009_11486.nasl
2009-11-17	Name : RedHat Security Advisory RHSA-2009:1584 File : nvt/RHSA_2009_1584.nasl
2009-11-13	Name : Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Linux) File : nvt/gb_sun_java_jre_mult_vuln_nov09_lin.nasl
2009-11-13	Name : Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Win) File : nvt/gb_sun_java_jre_mult_vuln_nov09_win.nasl
2009-11-11	Name : RedHat Security Advisory RHSA-2009:1560 File : nvt/RHSA_2009_1560.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
59707	Sun Java JDK / JRE MessageDigest.isEqual Function HMAC Digest Signature Forge...

Snort® IPS/IDS

Date	Description
2014-01-10	Oracle Java runtime JPEGImageReader overflow attempt RuleID : 20055 - Revision : 11 - Type : FILE-JAVA

Nessus® Vulnerability Scanner

Date	Description
2016-03-08	Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0002_remote.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1584.nasl - Type : ACT_GATHER_INFO
2013-06-29	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1584.nasl - Type : ACT_GATHER_INFO
2013-02-22	Name : The remote Unix host contains a runtime environment that is affected by multi... File : sun_java_jre_269868_unix.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091109_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-10-11	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-6741.nasl - Type : ACT_GATHER_INFO
2010-10-11	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-6755.nasl - Type : ACT_GATHER_INFO
2010-04-29	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-084.nasl - Type : ACT_GATHER_INFO
2010-03-31	Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0002.nasl - Type : ACT_GATHER_INFO
2010-01-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0043.nasl - Type : ACT_GATHER_INFO
2010-01-13	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-100105.nasl - Type : ACT_GATHER_INFO
2010-01-12	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-6757.nasl - Type : ACT_GATHER_INFO
2010-01-12	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-100105.nasl - Type : ACT_GATHER_INFO
2010-01-12	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12565.nasl - Type : ACT_GATHER_INFO
2010-01-08	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-6740.nasl - Type : ACT_GATHER_INFO
2009-12-27	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12564.nasl - Type : ACT_GATHER_INFO
2009-12-27	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1694.nasl - Type : ACT_GATHER_INFO
2009-12-09	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1647.nasl - Type : ACT_GATHER_INFO
2009-12-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1643.nasl - Type : ACT_GATHER_INFO
2009-12-04	Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update6.nasl - Type : ACT_GATHER_INFO
2009-12-04	Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update1.nasl - Type : ACT_GATHER_INFO
2009-11-30	Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-091125.nasl - Type : ACT_GATHER_INFO
2009-11-30	Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-091125.nasl - Type : ACT_GATHER_INFO
2009-11-30	Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-091127.nasl - Type : ACT_GATHER_INFO
2009-11-19	Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO
2009-11-19	Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO
2009-11-19	Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO
2009-11-19	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO
2009-11-18	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO
2009-11-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1584.nasl - Type : ACT_GATHER_INFO
2009-11-16	Name : The remote Fedora host is missing a security update. File : fedora_2009-11489.nasl - Type : ACT_GATHER_INFO
2009-11-16	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-859-1.nasl - Type : ACT_GATHER_INFO
2009-11-16	Name : The remote Fedora host is missing a security update. File : fedora_2009-11490.nasl - Type : ACT_GATHER_INFO
2009-11-16	Name : The remote Fedora host is missing a security update. File : fedora_2009-11486.nasl - Type : ACT_GATHER_INFO
2009-11-11	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1571.nasl - Type : ACT_GATHER_INFO
2009-11-11	Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_5_0-sun-091109.nasl - Type : ACT_GATHER_INFO
2009-11-11	Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_5_0-sun-091109.nasl - Type : ACT_GATHER_INFO
2009-11-10	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1560.nasl - Type : ACT_GATHER_INFO
2009-11-04	Name : The remote Windows host contains a runtime environment that is affected by mu... File : sun_java_jre_269868.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	4
CPE ID(s)	208
osvdb(s)	1
Openvas Exploit(s)	18
Snort® Rule(s)	1
Nessus® Exploit(s)	39

	Related
5	CVE-2009-3875
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)