5 - SUN-270476

Executive Summary

Summary
Title	Sun Alert 270476 Two Security Vulnerabilities in the Java Runtime Environment With Decoding DER Encoded Data and Parsing HTTP Headers may Result in a Denial of Service (DoS)

Informations
Name	SUN-270476	First vendor Publication	2009-11-03
Vendor	Sun	Last vendor Modification	2010-01-21
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Java Platform, Standard Edition 6 (Java SE 6)

Two vulnerabilities in the Java Runtime Environment with decoding DER encoded data and parsing HTTP headers may separately allow a remote client to cause the JRE on the server to run out of memory, resulting in a DoS (Denial of Service) condition.

Sun acknowledges with thanks, BFK edv-consulting GmbH, for bringing the first issue to our attention.

State: Resolved

First released: 03-Nov-2009

Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_270476_two_security

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-399	Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10328

Oval ID:	oval:org.mitre.oval:def:10328
Title:	Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Description:	Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3876	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-1.7.b09.el5 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-1.7.b09.el5 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-1.7.b09.el5 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-1.7.b09.el5 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-1.7.b09.el5

Definition Id: oval:org.mitre.oval:def:10469

Oval ID:	oval:org.mitre.oval:def:10469
Title:	Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Description:	Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3877	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-1.7.b09.el5 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-1.7.b09.el5 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-1.7.b09.el5 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-1.7.b09.el5 AND java-1.6.0-openjdk is earlier than 1:1.6.0.0-1.7.b09.el5

Definition Id: oval:org.mitre.oval:def:11934

Oval ID:	oval:org.mitre.oval:def:11934
Title:	HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description:	Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3876	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02503 SSRT100019 rev.1 HP Release B.11.11 AND filesets tests Jdk15.JDK15-IPF32 version is less than 1.5.0.19.00 AND Jre15.JRE15-COM version is less than 1.5.0.19.00 AND Jdk15.JDK15-IPF64 version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20 version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20-HS version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20W version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20W-HS version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF32 version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF32-HS version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF64 version is less than 1.5.0.19.00 AND Jdk15.JDK15-PA20W version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF64-HS version is less than 1.5.0.19.00 AND Jdk15.JDK15-COM version is less than 1.5.0.19.00 AND Jdk15.JDK15-PA20 version is less than 1.5.0.19.00 OR Criteria meets HP Security Bulletin HPSBUX02503 SSRT100019 rev.1 platforms HP-UX B.11.31 AND HP Release B.11.11 AND HP Release B.11.23 AND filesets tests Jdk14.JDK14-IPF32 version is less than 1.4.2.24.00 AND Jre14.JRE14-COM version is less than 1.4.2.24.00 AND Jdk14.JDK14-IPF64 version is less than 1.4.2.24.00 AND Jre14.JRE14-PA11 version is less than 1.4.2.24.00 AND Jdk14.JDK14-PA11 version is less than 1.4.2.24.00 AND Jdk14.JDK14-PA20 version is less than 1.4.2.24.00 AND Jre14.JRE14-PA11-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20 version is less than 1.4.2.24.00 AND Jdk14.JDK14-PA20W version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20W version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20W-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF32 version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF64-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF32-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF64 version is less than 1.4.2.24.00 AND Jdk14.JDK14-COM version is less than 1.4.2.24.00 OR Criteria meets HP Security Bulletin HPSBUX02503 SSRT100019 rev.1 platforms HP Release B.11.11 AND HP Release B.11.23 AND HP-UX B.11.31 AND filesets tests Jdk60.JDK60-PA20 version is less than 1.6.0.06.00 AND Jre60.JRE60-COM version is less than 1.6.0.06.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.06.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.06.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.06.00 AND Jdk60.JDK60-COM version is less than 1.6.0.06.00

Definition Id: oval:org.mitre.oval:def:12232

Oval ID:	oval:org.mitre.oval:def:12232
Title:	HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description:	Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3877	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02503 SSRT100019 rev.1 HP Release B.11.11 AND filesets tests Jdk15.JDK15-IPF32 version is less than 1.5.0.19.00 AND Jre15.JRE15-COM version is less than 1.5.0.19.00 AND Jdk15.JDK15-IPF64 version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20 version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20-HS version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20W version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20W-HS version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF32 version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF32-HS version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF64 version is less than 1.5.0.19.00 AND Jdk15.JDK15-PA20W version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF64-HS version is less than 1.5.0.19.00 AND Jdk15.JDK15-COM version is less than 1.5.0.19.00 AND Jdk15.JDK15-PA20 version is less than 1.5.0.19.00 OR Criteria meets HP Security Bulletin HPSBUX02503 SSRT100019 rev.1 platforms HP-UX B.11.31 AND HP Release B.11.11 AND HP Release B.11.23 AND filesets tests Jdk14.JDK14-IPF32 version is less than 1.4.2.24.00 AND Jre14.JRE14-COM version is less than 1.4.2.24.00 AND Jdk14.JDK14-IPF64 version is less than 1.4.2.24.00 AND Jre14.JRE14-PA11 version is less than 1.4.2.24.00 AND Jdk14.JDK14-PA11 version is less than 1.4.2.24.00 AND Jdk14.JDK14-PA20 version is less than 1.4.2.24.00 AND Jre14.JRE14-PA11-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20 version is less than 1.4.2.24.00 AND Jdk14.JDK14-PA20W version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20W version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20W-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF32 version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF64-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF32-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF64 version is less than 1.4.2.24.00 AND Jdk14.JDK14-COM version is less than 1.4.2.24.00 OR Criteria meets HP Security Bulletin HPSBUX02503 SSRT100019 rev.1 platforms HP Release B.11.11 AND HP Release B.11.23 AND HP-UX B.11.31 AND filesets tests Jdk60.JDK60-PA20 version is less than 1.6.0.06.00 AND Jre60.JRE60-COM version is less than 1.6.0.06.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.06.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.06.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.06.00 AND Jdk60.JDK60-COM version is less than 1.6.0.06.00

Definition Id: oval:org.mitre.oval:def:22842

Oval ID:	oval:org.mitre.oval:def:22842
Title:	ELSA-2009:1647: java-1.5.0-ibm security update (Critical)
Description:	Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:1647-01 CVE-2009-3867 CVE-2009-3868 CVE-2009-3869 CVE-2009-3871 CVE-2009-3872 CVE-2009-3873 CVE-2009-3874 CVE-2009-3875 CVE-2009-3876 CVE-2009-3877	Version:	45
Platform(s):	Oracle Linux 5	Product(s):	java-1.5.0-ibm
Definition Synopsis:
Oracle Linux 5.x rpm test java-1.5.0-ibm-jdbc is earlier than 1:1.5.0.11-1jpp.1.el5 AND java-1.5.0-ibm is earlier than 1:1.5.0.11-1jpp.1.el5 AND java-1.5.0-ibm-accessibility is earlier than 1:1.5.0.11-1jpp.1.el5 AND java-1.5.0-ibm-src is earlier than 1:1.5.0.11-1jpp.1.el5 AND java-1.5.0-ibm-plugin is earlier than 1:1.5.0.11-1jpp.1.el5 AND java-1.5.0-ibm-devel is earlier than 1:1.5.0.11-1jpp.1.el5 AND java-1.5.0-ibm-demo is earlier than 1:1.5.0.11-1jpp.1.el5 AND java-1.5.0-ibm-javacomm is earlier than 1:1.5.0.11-1jpp.1.el5

Definition Id: oval:org.mitre.oval:def:22907

Oval ID:	oval:org.mitre.oval:def:22907
Title:	ELSA-2009:1694: java-1.6.0-ibm security update (Critical)
Description:	Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:1694-01 CVE-2009-0217 CVE-2009-3555 CVE-2009-3865 CVE-2009-3866 CVE-2009-3867 CVE-2009-3868 CVE-2009-3869 CVE-2009-3871 CVE-2009-3872 CVE-2009-3873 CVE-2009-3874 CVE-2009-3875 CVE-2009-3876 CVE-2009-3877	Version:	61
Platform(s):	Oracle Linux 5	Product(s):	java-1.6.0-ibm
Definition Synopsis:
Oracle Linux 5.x rpm test java-1.6.0-ibm-javacomm is earlier than 1:1.6.0.7-1jpp.2.el5 AND java-1.6.0-ibm is earlier than 1:1.6.0.7-1jpp.2.el5 AND java-1.6.0-ibm-accessibility is earlier than 1:1.6.0.7-1jpp.2.el5 AND java-1.6.0-ibm-devel is earlier than 1:1.6.0.7-1jpp.2.el5 AND java-1.6.0-ibm-src is earlier than 1:1.6.0.7-1jpp.2.el5 AND java-1.6.0-ibm-demo is earlier than 1:1.6.0.7-1jpp.2.el5 AND java-1.6.0-ibm-plugin is earlier than 1:1.6.0.7-1jpp.2.el5 AND java-1.6.0-ibm-jdbc is earlier than 1:1.6.0.7-1jpp.2.el5

Definition Id: oval:org.mitre.oval:def:22972

Oval ID:	oval:org.mitre.oval:def:22972
Title:	ELSA-2009:1643: java-1.4.2-ibm security update (Critical)
Description:	Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:1643-01 CVE-2009-3867 CVE-2009-3868 CVE-2009-3869 CVE-2009-3871 CVE-2009-3872 CVE-2009-3873 CVE-2009-3874 CVE-2009-3875 CVE-2009-3876 CVE-2009-3877	Version:	45
Platform(s):	Oracle Linux 5	Product(s):	java-1.4.2-ibm
Definition Synopsis:
Oracle Linux 5.x rpm test java-1.4.2-ibm is earlier than 0:1.4.2.13.3-1jpp.1.el5 AND java-1.4.2-ibm-devel is earlier than 0:1.4.2.13.3-1jpp.1.el5 AND java-1.4.2-ibm-src is earlier than 0:1.4.2.13.3-1jpp.1.el5 AND java-1.4.2-ibm-demo is earlier than 0:1.4.2.13.3-1jpp.1.el5 AND java-1.4.2-ibm-javacomm is earlier than 0:1.4.2.13.3-1jpp.1.el5 AND java-1.4.2-ibm-plugin is earlier than 0:1.4.2.13.3-1jpp.1.el5 AND java-1.4.2-ibm-jdbc is earlier than 0:1.4.2.13.3-1jpp.1.el5

Definition Id: oval:org.mitre.oval:def:6805

Oval ID:	oval:org.mitre.oval:def:6805
Title:	OpenJDK ASN.1/DER Input Stream Parser Denial of Service via Crafted DER Encoded Data
Description:	Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3876	Version:	5
Platform(s):	VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
VMware ESX Server 4.0 is installed AND Patch ESX400-201005402-SG is not installed

Definition Id: oval:org.mitre.oval:def:7148

Oval ID:	oval:org.mitre.oval:def:7148
Title:	OpenJDK ASN.1/DER Input Stream Parser Denial of Service via Crafted HTTP Headers
Description:	Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3877	Version:	5
Platform(s):	VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
VMware ESX Server 4.0 is installed AND Patch ESX400-201005402-SG is not installed

Definition Id: oval:org.mitre.oval:def:8330

Oval ID:	oval:org.mitre.oval:def:8330
Title:	HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description:	Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3877	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
IF HP Release B.11.11 AND HP Release B.11.23 AND HP-UX B.11.31 AND filesets tests Jdk14.JDK14-IPF32 version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF32-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF64 version is less than 1.4.2.24.00 AND Jdk14.JDK14-IPF64 version is less than 1.4.2.24.00 AND Jdk14.JDK14-PA11 version is less than 1.4.2.24.00 AND Jre14.JRE14-COM version is less than 1.4.2.24.00 AND Jdk14.JDK14-PA20 version is less than 1.4.2.24.00 AND Jre14.JRE14-PA11 version is less than 1.4.2.24.00 AND Jdk14.JDK14-PA20W version is less than 1.4.2.24.00 AND Jre14.JRE14-PA11-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20 version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20W version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF64-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20W-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF32 version is less than 1.4.2.24.00 AND Jdk14.JDK14-COM version is less than 1.4.2.24.00 AND Jre15.JRE15-IPF64-HS version is less than 1.5.0.19.00 AND Jdk15.JDK15-IPF32 version is less than 1.5.0.19.00 AND Jdk15.JDK15-PA20 version is less than 1.5.0.19.00 AND Jdk15.JDK15-IPF64 version is less than 1.5.0.19.00 AND Jre15.JRE15-COM version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20 version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20-HS version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20W version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20W-HS version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF32 version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF32-HS version is less than 1.5.0.19.00 AND Jdk15.JDK15-PA20W version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF64 version is less than 1.5.0.19.00 AND Jdk15.JDK15-COM version is less than 1.5.0.19.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.06.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.06.00 AND Jdk60.JDK60-COM version is less than 1.6.0.06.00 AND Jre60.JRE60-COM version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.06.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.06.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.06.00

Definition Id: oval:org.mitre.oval:def:8608

Oval ID:	oval:org.mitre.oval:def:8608
Title:	HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description:	Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3876	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
IF HP Release B.11.11 AND HP Release B.11.23 AND HP-UX B.11.31 AND filesets tests Jdk14.JDK14-IPF32 version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF32-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF64 version is less than 1.4.2.24.00 AND Jdk14.JDK14-IPF64 version is less than 1.4.2.24.00 AND Jdk14.JDK14-PA11 version is less than 1.4.2.24.00 AND Jre14.JRE14-COM version is less than 1.4.2.24.00 AND Jdk14.JDK14-PA20 version is less than 1.4.2.24.00 AND Jre14.JRE14-PA11 version is less than 1.4.2.24.00 AND Jdk14.JDK14-PA20W version is less than 1.4.2.24.00 AND Jre14.JRE14-PA11-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20 version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20W version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF64-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-PA20W-HS version is less than 1.4.2.24.00 AND Jre14.JRE14-IPF32 version is less than 1.4.2.24.00 AND Jdk14.JDK14-COM version is less than 1.4.2.24.00 AND Jre15.JRE15-IPF64-HS version is less than 1.5.0.19.00 AND Jdk15.JDK15-IPF32 version is less than 1.5.0.19.00 AND Jdk15.JDK15-PA20 version is less than 1.5.0.19.00 AND Jdk15.JDK15-IPF64 version is less than 1.5.0.19.00 AND Jre15.JRE15-COM version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20 version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20-HS version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20W version is less than 1.5.0.19.00 AND Jre15.JRE15-PA20W-HS version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF32 version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF32-HS version is less than 1.5.0.19.00 AND Jdk15.JDK15-PA20W version is less than 1.5.0.19.00 AND Jre15.JRE15-IPF64 version is less than 1.5.0.19.00 AND Jdk15.JDK15-COM version is less than 1.5.0.19.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.06.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.06.00 AND Jdk60.JDK60-COM version is less than 1.6.0.06.00 AND Jre60.JRE60-COM version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.06.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.06.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.06.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.06.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.06.00

CPE : Common Platform Enumeration

Type	Description	Count
Application	Sun Jdk cpe:2.3:a:sun:jdk:1.6.0:update1:::::: cpe:2.3:a:sun:jdk:1.6.0:update2:::::: cpe:2.3:a:sun:jdk:1.6.0:update9:::::: cpe:2.3:a:sun:jdk:1.6.0:update10:::::: cpe:2.3:a:sun:jdk:1.6.0:update14:::::: cpe:2.3:a:sun:jdk:1.6.0:update6:::::: cpe:2.3:a:sun:jdk:1.6.0:update11:::::: cpe:2.3:a:sun:jdk:1.6.0:update3:::::: cpe:2.3:a:sun:jdk:1.6.0:update5:::::: cpe:2.3:a:sun:jdk:1.6.0:update13:::::: cpe:2.3:a:sun:jdk:1.6.0:update12:::::: cpe:2.3:a:sun:jdk:1.6.0:update4:::::: cpe:2.3:a:sun:jdk:1.6.0:update15:::::: cpe:2.3:a:sun:jdk:1.6.0:update7:::::: cpe:2.3:a:sun:jdk:1.6.0:update8:::::: cpe:2.3:a:sun:jdk:1.6.0:update16:::::: cpe:2.3:a:sun:jdk:1.5.0:update10:::::: cpe:2.3:a:sun:jdk:1.5.0:update5:::::: cpe:2.3:a:sun:jdk:1.5.0:update7:::::: cpe:2.3:a:sun:jdk:1.5.0:update6:::::: cpe:2.3:a:sun:jdk:1.5.0:update3:::::: cpe:2.3:a:sun:jdk:1.5.0:update16:::::: cpe:2.3:a:sun:jdk:1.5.0:update4:::::: cpe:2.3:a:sun:jdk:1.5.0:update17:::::: cpe:2.3:a:sun:jdk:1.5.0:update9:::::: cpe:2.3:a:sun:jdk:1.5.0:update19:::::: cpe:2.3:a:sun:jdk:1.5.0:update15:::::: cpe:2.3:a:sun:jdk:1.5.0:update21:::::: cpe:2.3:a:sun:jdk:1.5.0:update2:::::: cpe:2.3:a:sun:jdk:1.5.0:update12:::::: cpe:2.3:a:sun:jdk:1.5.0:update8:::::: cpe:2.3:a:sun:jdk:1.5.0:update18:::::: cpe:2.3:a:sun:jdk:1.5.0:update11:::::: cpe:2.3:a:sun:jdk:1.5.0:update20:::::: cpe:2.3:a:sun:jdk:1.5.0:update14:::::: cpe:2.3:a:sun:jdk:1.5.0:update13:::::: cpe:2.3:a:sun:jdk:1.5.0:update1:::::: cpe:2.3:a:sun:jdk:1.5.0:update11_b03:::::: cpe:2.3:a:sun:jdk:1.5.0:update7_b03::::::	39
Application	Sun Jre cpe:2.3:a:sun:jre:1.6.0:update_1:::::: cpe:2.3:a:sun:jre:1.6.0:update_3:::::: cpe:2.3:a:sun:jre:1.6.0:update_2:::::: cpe:2.3:a:sun:jre:1.6.0:update11:::::: cpe:2.3:a:sun:jre:1.6.0:update15:::::: cpe:2.3:a:sun:jre:1.6.0:update16:::::: cpe:2.3:a:sun:jre:1.6.0:update5:::::: cpe:2.3:a:sun:jre:1.6.0:update10:::::: cpe:2.3:a:sun:jre:1.6.0:update9:::::: cpe:2.3:a:sun:jre:1.6.0:update8:::::: cpe:2.3:a:sun:jre:1.6.0:update14:::::: cpe:2.3:a:sun:jre:1.6.0:update7:::::: cpe:2.3:a:sun:jre:1.6.0:update12:::::: cpe:2.3:a:sun:jre:1.6.0:update6:::::: cpe:2.3:a:sun:jre:1.6.0:update13:::::: cpe:2.3:a:sun:jre:1.6.0:update4:::::: cpe:2.3:a:sun:jre:1.5.0:update16:::::: cpe:2.3:a:sun:jre:1.5.0:update17:::::: cpe:2.3:a:sun:jre:1.5.0:update15:::::: cpe:2.3:a:sun:jre:1.5.0:update12:::::: cpe:2.3:a:sun:jre:1.5.0:update10:::::: cpe:2.3:a:sun:jre:1.5.0:update6:::::: cpe:2.3:a:sun:jre:1.5.0:update13:::::: cpe:2.3:a:sun:jre:1.5.0:update14:::::: cpe:2.3:a:sun:jre:1.5.0:update11:::::: cpe:2.3:a:sun:jre:1.5.0:update18:::::: cpe:2.3:a:sun:jre:1.5.0:update8:::::: cpe:2.3:a:sun:jre:1.5.0:update1:::::: cpe:2.3:a:sun:jre:1.5.0:update9:::::: cpe:2.3:a:sun:jre:1.5.0:update21:::::: cpe:2.3:a:sun:jre:1.5.0:update20:::::: cpe:2.3:a:sun:jre:1.5.0:update3:::::: cpe:2.3:a:sun:jre:1.5.0:update4:::::: cpe:2.3:a:sun:jre:1.5.0:update5:::::: cpe:2.3:a:sun:jre:1.5.0:update2:::::: cpe:2.3:a:sun:jre:1.5.0:update7:::::: cpe:2.3:a:sun:jre:1.5.0:update19:::::: cpe:2.3:a:sun:jre:1.4.2_9:::::::* cpe:2.3:a:sun:jre:1.4.2_8:::::::* cpe:2.3:a:sun:jre:1.4.2_7:::::::* cpe:2.3:a:sun:jre:1.4.2_6:::::::* cpe:2.3:a:sun:jre:1.4.2_5:::::::* cpe:2.3:a:sun:jre:1.4.2_4:::::::* cpe:2.3:a:sun:jre:1.4.2_3:::::::* cpe:2.3:a:sun:jre:1.4.2_23:::::::* cpe:2.3:a:sun:jre:1.4.2_22:::::::* cpe:2.3:a:sun:jre:1.4.2_21:::::::* cpe:2.3:a:sun:jre:1.4.2_20:::::::* cpe:2.3:a:sun:jre:1.4.2_2:::::::* cpe:2.3:a:sun:jre:1.4.2_19:::::::* cpe:2.3:a:sun:jre:1.4.2_18:::::::* cpe:2.3:a:sun:jre:1.4.2_17:::::::* cpe:2.3:a:sun:jre:1.4.2_16:::::::* cpe:2.3:a:sun:jre:1.4.2_15:::::::* cpe:2.3:a:sun:jre:1.4.2_14:::::::* cpe:2.3:a:sun:jre:1.4.2_13:::::::* cpe:2.3:a:sun:jre:1.4.2_12:::::::* cpe:2.3:a:sun:jre:1.4.2_11:::::::* cpe:2.3:a:sun:jre:1.4.2_10:::::::* cpe:2.3:a:sun:jre:1.4.2_1:::::::* cpe:2.3:a:sun:jre:1.4.2_09:::::::* cpe:2.3:a:sun:jre:1.4.2_08:::::::* cpe:2.3:a:sun:jre:1.4.2_07:::::::* cpe:2.3:a:sun:jre:1.4.2_06:::::::* cpe:2.3:a:sun:jre:1.4.2_05:::::::* cpe:2.3:a:sun:jre:1.4.2_04:::::::* cpe:2.3:a:sun:jre:1.4.2_03:::::::* cpe:2.3:a:sun:jre:1.4.2_02:::::::* cpe:2.3:a:sun:jre:1.3.1_9:::::::* cpe:2.3:a:sun:jre:1.3.1_8:::::::* cpe:2.3:a:sun:jre:1.3.1_7:::::::* cpe:2.3:a:sun:jre:1.3.1_6:::::::* cpe:2.3:a:sun:jre:1.3.1_5:::::::* cpe:2.3:a:sun:jre:1.3.1_4:::::::* cpe:2.3:a:sun:jre:1.3.1_3:::::::* cpe:2.3:a:sun:jre:1.3.1_25:::::::* cpe:2.3:a:sun:jre:1.3.1_24:::::::* cpe:2.3:a:sun:jre:1.3.1_23:::::::* cpe:2.3:a:sun:jre:1.3.1_22:::::::* cpe:2.3:a:sun:jre:1.3.1_21:::::::* cpe:2.3:a:sun:jre:1.3.1_20:::::::* cpe:2.3:a:sun:jre:1.3.1_2:::::::* cpe:2.3:a:sun:jre:1.3.1_19:::::::* cpe:2.3:a:sun:jre:1.3.1_18:::::::* cpe:2.3:a:sun:jre:1.3.1_17:::::::* cpe:2.3:a:sun:jre:1.3.1_16:::::::* cpe:2.3:a:sun:jre:1.3.1_15:::::::* cpe:2.3:a:sun:jre:1.3.1_14:::::::* cpe:2.3:a:sun:jre:1.3.1_13:::::::* cpe:2.3:a:sun:jre:1.3.1_12:::::::* cpe:2.3:a:sun:jre:1.3.1_11:::::::* cpe:2.3:a:sun:jre:1.3.1_10:::::::* cpe:2.3:a:sun:jre:1.3.1_1:::::::* cpe:2.3:a:sun:jre:1.3.1_09:::::::* cpe:2.3:a:sun:jre:1.3.1_08:::::::* cpe:2.3:a:sun:jre:1.3.1_07:::::::* cpe:2.3:a:sun:jre:1.3.1_06:::::::* cpe:2.3:a:sun:jre:1.3.1_05:::::::* cpe:2.3:a:sun:jre:1.3.1_04:::::::* cpe:2.3:a:sun:jre:1.3.1_03:::::::* cpe:2.3:a:sun:jre:1.3.1_02:::::::* cpe:2.3:a:sun:jre:1.3.1_01a:::::::* cpe:2.3:a:sun:jre:1.3.1_01:::::::*	103
Application	Sun Sdk cpe:2.3:a:sun:sdk:1.4.2_9:::::::* cpe:2.3:a:sun:sdk:1.4.2_8:::::::* cpe:2.3:a:sun:sdk:1.4.2_7:::::::* cpe:2.3:a:sun:sdk:1.4.2_6:::::::* cpe:2.3:a:sun:sdk:1.4.2_5:::::::* cpe:2.3:a:sun:sdk:1.4.2_4:::::::* cpe:2.3:a:sun:sdk:1.4.2_3:::::::* cpe:2.3:a:sun:sdk:1.4.2_23:::::::* cpe:2.3:a:sun:sdk:1.4.2_22:::::::* cpe:2.3:a:sun:sdk:1.4.2_21:::::::* cpe:2.3:a:sun:sdk:1.4.2_20:::::::* cpe:2.3:a:sun:sdk:1.4.2_2:::::::* cpe:2.3:a:sun:sdk:1.4.2_19:::::::* cpe:2.3:a:sun:sdk:1.4.2_18:::::::* cpe:2.3:a:sun:sdk:1.4.2_17:::::::* cpe:2.3:a:sun:sdk:1.4.2_16:::::::* cpe:2.3:a:sun:sdk:1.4.2_15:::::::* cpe:2.3:a:sun:sdk:1.4.2_14:::::::* cpe:2.3:a:sun:sdk:1.4.2_13:::::::* cpe:2.3:a:sun:sdk:1.4.2_12:::::::* cpe:2.3:a:sun:sdk:1.4.2_11:::::::* cpe:2.3:a:sun:sdk:1.4.2_10:::::::* cpe:2.3:a:sun:sdk:1.4.2_1:::::::* cpe:2.3:a:sun:sdk:1.4.2_09:::::::* cpe:2.3:a:sun:sdk:1.4.2_08:::::::* cpe:2.3:a:sun:sdk:1.4.2_07:::::::* cpe:2.3:a:sun:sdk:1.4.2_06:::::::* cpe:2.3:a:sun:sdk:1.4.2_05:::::::* cpe:2.3:a:sun:sdk:1.4.2_04:::::::* cpe:2.3:a:sun:sdk:1.4.2_03:::::::* cpe:2.3:a:sun:sdk:1.4.2_02:::::::* cpe:2.3:a:sun:sdk:1.4.2_01:::::::* cpe:2.3:a:sun:sdk:1.3.1_9:::::::* cpe:2.3:a:sun:sdk:1.3.1_8:::::::* cpe:2.3:a:sun:sdk:1.3.1_7:::::::* cpe:2.3:a:sun:sdk:1.3.1_6:::::::* cpe:2.3:a:sun:sdk:1.3.1_5:::::::* cpe:2.3:a:sun:sdk:1.3.1_4:::::::* cpe:2.3:a:sun:sdk:1.3.1_3:::::::* cpe:2.3:a:sun:sdk:1.3.1_25:::::::* cpe:2.3:a:sun:sdk:1.3.1_24:::::::* cpe:2.3:a:sun:sdk:1.3.1_23:::::::* cpe:2.3:a:sun:sdk:1.3.1_22:::::::* cpe:2.3:a:sun:sdk:1.3.1_21:::::::* cpe:2.3:a:sun:sdk:1.3.1_20:::::::* cpe:2.3:a:sun:sdk:1.3.1_2:::::::* cpe:2.3:a:sun:sdk:1.3.1_19:::::::* cpe:2.3:a:sun:sdk:1.3.1_18:::::::* cpe:2.3:a:sun:sdk:1.3.1_17:::::::* cpe:2.3:a:sun:sdk:1.3.1_16:::::::* cpe:2.3:a:sun:sdk:1.3.1_15:::::::* cpe:2.3:a:sun:sdk:1.3.1_14:::::::* cpe:2.3:a:sun:sdk:1.3.1_13:::::::* cpe:2.3:a:sun:sdk:1.3.1_12:::::::* cpe:2.3:a:sun:sdk:1.3.1_11:::::::* cpe:2.3:a:sun:sdk:1.3.1_10:::::::* cpe:2.3:a:sun:sdk:1.3.1_09:::::::* cpe:2.3:a:sun:sdk:1.3.1_08:::::::* cpe:2.3:a:sun:sdk:1.3.1_07:::::::* cpe:2.3:a:sun:sdk:1.3.1_06:::::::* cpe:2.3:a:sun:sdk:1.3.1_05:::::::* cpe:2.3:a:sun:sdk:1.3.1_04:::::::* cpe:2.3:a:sun:sdk:1.3.1_03:::::::* cpe:2.3:a:sun:sdk:1.3.1_02:::::::* cpe:2.3:a:sun:sdk:1.3.1_01a:::::::* cpe:2.3:a:sun:sdk:1.3.1_01:::::::*	66

OpenVAS Exploits

Date	Description
2011-08-09	Name : CentOS Update for java CESA-2009:1584 centos5 i386 File : nvt/gb_CESA-2009_1584_java_centos5_i386.nasl
2010-05-28	Name : Java for Mac OS X 10.6 Update 1 File : nvt/macosx_java_for_10_6_upd_1.nasl
2010-05-28	Name : Java for Mac OS X 10.5 Update 6 File : nvt/macosx_java_for_10_5_upd_6.nasl
2010-04-30	Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2010_084.nasl
2010-03-02	Name : Mandriva Update for x11-driver-video-ati MDVA-2010:084 (x11-driver-video-ati) File : nvt/gb_mandriva_MDVA_2010_084.nasl
2010-02-15	Name : HP-UX Update for Java HPSBUX02503 File : nvt/gb_hp_ux_HPSBUX02503.nasl
2009-12-30	Name : RedHat Security Advisory RHSA-2009:1694 File : nvt/RHSA_2009_1694.nasl
2009-12-14	Name : RedHat Security Advisory RHSA-2009:1643 File : nvt/RHSA_2009_1643.nasl
2009-12-14	Name : RedHat Security Advisory RHSA-2009:1647 File : nvt/RHSA_2009_1647.nasl
2009-11-23	Name : SuSE Security Advisory SUSE-SA:2009:058 (java-1_6_0-sun) File : nvt/suse_sa_2009_058.nasl
2009-11-23	Name : CentOS Security Advisory CESA-2009:1584 (java-1.6.0-openjdk) File : nvt/ovcesa2009_1584.nasl
2009-11-17	Name : Fedora Core 10 FEDORA-2009-11490 (java-1.6.0-openjdk) File : nvt/fcore_2009_11490.nasl
2009-11-17	Name : Fedora Core 12 FEDORA-2009-11489 (java-1.6.0-openjdk) File : nvt/fcore_2009_11489.nasl
2009-11-17	Name : Fedora Core 11 FEDORA-2009-11486 (java-1.6.0-openjdk) File : nvt/fcore_2009_11486.nasl
2009-11-17	Name : RedHat Security Advisory RHSA-2009:1584 File : nvt/RHSA_2009_1584.nasl
2009-11-17	Name : RedHat Security Advisory RHSA-2009:1571 File : nvt/RHSA_2009_1571.nasl
2009-11-13	Name : Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Linux) File : nvt/gb_sun_java_jre_mult_vuln_nov09_lin.nasl
2009-11-13	Name : Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Win) File : nvt/gb_sun_java_jre_mult_vuln_nov09_win.nasl
2009-11-11	Name : RedHat Security Advisory RHSA-2009:1560 File : nvt/RHSA_2009_1560.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
59706	Sun Java JDK / JRE HTTP Header Parsing Unspecified Memory Exhaustion DoS
59705	Sun Java JDK / JRE DER Encoded Data Decoding Unspecified Memory Exhaustion DoS

Snort® IPS/IDS

Date	Description
2014-01-10	Oracle Java runtime JPEGImageReader overflow attempt RuleID : 20055 - Revision : 11 - Type : FILE-JAVA

Nessus® Vulnerability Scanner

Date	Description
2016-03-08	Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0002_remote.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1584.nasl - Type : ACT_GATHER_INFO
2013-06-29	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1584.nasl - Type : ACT_GATHER_INFO
2013-02-22	Name : The remote Unix host contains a runtime environment that is affected by multi... File : sun_java_jre_269868_unix.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091109_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-04-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1662.nasl - Type : ACT_GATHER_INFO
2010-10-11	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-6741.nasl - Type : ACT_GATHER_INFO
2010-04-29	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-084.nasl - Type : ACT_GATHER_INFO
2010-03-31	Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0002.nasl - Type : ACT_GATHER_INFO
2010-01-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0043.nasl - Type : ACT_GATHER_INFO
2010-01-13	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-100105.nasl - Type : ACT_GATHER_INFO
2010-01-08	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-6740.nasl - Type : ACT_GATHER_INFO
2009-12-27	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12564.nasl - Type : ACT_GATHER_INFO
2009-12-27	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1694.nasl - Type : ACT_GATHER_INFO
2009-12-09	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1647.nasl - Type : ACT_GATHER_INFO
2009-12-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1643.nasl - Type : ACT_GATHER_INFO
2009-12-04	Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update6.nasl - Type : ACT_GATHER_INFO
2009-12-04	Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update1.nasl - Type : ACT_GATHER_INFO
2009-11-30	Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-091125.nasl - Type : ACT_GATHER_INFO
2009-11-30	Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-091125.nasl - Type : ACT_GATHER_INFO
2009-11-30	Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-091127.nasl - Type : ACT_GATHER_INFO
2009-11-19	Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO
2009-11-19	Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO
2009-11-19	Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO
2009-11-19	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-091113.nasl - Type : ACT_GATHER_INFO
2009-11-18	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO
2009-11-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1584.nasl - Type : ACT_GATHER_INFO
2009-11-16	Name : The remote Fedora host is missing a security update. File : fedora_2009-11486.nasl - Type : ACT_GATHER_INFO
2009-11-16	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-859-1.nasl - Type : ACT_GATHER_INFO
2009-11-16	Name : The remote Fedora host is missing a security update. File : fedora_2009-11490.nasl - Type : ACT_GATHER_INFO
2009-11-16	Name : The remote Fedora host is missing a security update. File : fedora_2009-11489.nasl - Type : ACT_GATHER_INFO
2009-11-11	Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_5_0-sun-091109.nasl - Type : ACT_GATHER_INFO
2009-11-11	Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_5_0-sun-091109.nasl - Type : ACT_GATHER_INFO
2009-11-11	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1571.nasl - Type : ACT_GATHER_INFO
2009-11-10	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1560.nasl - Type : ACT_GATHER_INFO
2009-11-04	Name : The remote Windows host contains a runtime environment that is affected by mu... File : sun_java_jre_269868.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	11
CPE ID(s)	208
osvdb(s)	2
Openvas Exploit(s)	19
Snort® Rule(s)	1
Nessus® Exploit(s)	36

	Related
5	CVE-2009-3877
5	CVE-2009-3876
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)