This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Sun
Product: Jre
Version: 5.0
Update: update_12
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Application
First view: 2007-07-11
Last view: 2009-08-05

CPE Product: cpe:2.3:a:sun:jre

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
10 2009-08-05 CVE-2009-2675

Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.

7.5 2009-08-05 CVE-2009-2673

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.

7.5 2009-08-05 CVE-2009-2672

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.

5 2009-08-05 CVE-2009-2671

The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.

5 2009-08-05 CVE-2009-2670

The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.

9.3 2008-12-05 CVE-2008-5358

Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.

9.3 2008-12-05 CVE-2008-5356

Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file.

10 2008-12-05 CVE-2008-5355

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.

9.3 2008-12-05 CVE-2008-5354

Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry.

10 2008-12-05 CVE-2008-5353

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".

9.3 2008-12-05 CVE-2008-5352

Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.

7.5 2008-12-05 CVE-2008-5351

Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings.

5 2008-12-05 CVE-2008-5350

Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors.

7.1 2008-12-05 CVE-2008-5349

Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.

7.1 2008-12-05 CVE-2008-5348

Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors.

7.5 2008-12-05 CVE-2008-5347

Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages.

7.5 2008-12-05 CVE-2008-5344

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217.

9 2008-12-05 CVE-2008-5343

Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR" and CR 6707535.

5 2008-12-05 CVE-2008-5342

Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668.

5 2008-12-05 CVE-2008-5341

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071.

10 2008-12-05 CVE-2008-5340

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081.

5 2008-12-05 CVE-2008-5339

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079.

9.3 2008-12-04 CVE-2008-2086

Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892.

7.5 2008-07-09 CVE-2008-3115

Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases.

5 2008-07-09 CVE-2008-3114

Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074.

CWE : Common Weakness Enumeration

% id Name
53% (16) CWE-264 Permissions, Privileges, and Access Controls
13% (4) CWE-200 Information Exposure
13% (4) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
6% (2) CWE-20 Improper Input Validation
3% (1) CWE-287 Improper Authentication
3% (1) CWE-189 Numeric Errors
3% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
3% (1) CWE-16 Configuration

SAINT Exploits

Description
Sun Java Web Start JNLP file j2se element heap-size buffer overflow
Java Runtime Environment JAR manifest Main Class buffer overflow

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
56788 Sun Java JDK / JRE Audio System Unauthorized java.lang.System Properties Access
56786 Sun Java JDK / JRE Pack200 JAR File Decoding Inner Class Count Overflow
56785 Sun Java JDK / JRE Proxy Mechanism Implementation Arbitrary Host Connection
56784 Sun Java JDK / JRE Proxy Mechanism Implementation Unauthorized Browser Cookie...
56783 Sun Java JDK / JRE SOCKS Proxy Implementation Applet Process Owner Disclosure
50516 Sun Java JDK / JRE TrueType Font Processing Heap Overflow
50515 Sun Java JDK / JRE GIF Image Decoding Memory Corruption
50514 Sun Java JDK / JRE Java Web Start BasicService Arbitrary File Access
50513 Sun Java JDK / JRE Applet Classloading Privilege Escalation
50512 Sun Java JDK / JRE Java Web Start / Plug-in HTTP Session Hijacking
50511 Sun Java JDK / JRE Java Web Start SingleInstanceImpl Class SI_FILEDIR Propert...
50510 Sun Java JDK / JRE Java Web Start (JWS) JNLP File System Properties Override ...
50509 Sun Java JDK / JRE Java Web Start Application file: Protocol Arbitrary File A...
50506 Sun Java JDK / JRE JAX-WS / JAXB Packages Internal Classes Applet Privilege E...
50505 Sun Java JDK / JRE Kerberos Authentication Unspecified Remote DoS
50504 Sun Java JDK / JRE RSA Public Key Processing Resource Consumption DoS
50503 Sun Java JDK / JRE Untrusted Applet User Home Directory Content Listing
50502 Sun Java JDK / JRE UTF-8 Decoder Non-shortest Form Sequence Handling Weakness
50501 Sun Java JDK / JRE Unpack200 JAR Utility Privilege Escalation
50500 Sun Java JDK / JRE Deserializing Calendar Object Privilege Escalation
50499 Sun Java JDK / JRE Command Line Application Overflow
50498 Sun Java JDK / JRE Java Update Mechanism Digital Signature Verification Weakness
50497 Sun Java JDK / JRE Java Web Start Application JNLP File Handling Socket Restr...
46967 Sun Java JDK / JRE Java Management Extensions (JMX) Management Agent Remote P...
46965 Sun Java JDK / JRE XML Data Handling Unspecified Arbitrary URL Access

ExploitDB Exploits

id Description
16302 Signed Applet Social Engineering Code Exec
16293 Sun Java Calendar Deserialization Exploit
9948 Sun Java Runtime and Development Kit <= 6 update 10 Calendar Deserializati...
8753 Mac OS X Java applet Remote Deserialization Remote PoC (updated)

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2011-08-09 Name : CentOS Update for java CESA-2009:1201 centos5 i386
File : nvt/gb_CESA-2009_1201_java_centos5_i386.nasl
2010-05-28 Name : Java for Mac OS X 10.5 Update 2
File : nvt/macosx_java_for_10_5_upd_2.nasl
2010-05-28 Name : Java for Mac OS X 10.5 Update 3
File : nvt/macosx_java_for_10_5_upd_3.nasl
2010-05-28 Name : Java for Mac OS X 10.5 Update 4
File : nvt/macosx_java_for_10_5_upd_4.nasl
2010-05-28 Name : Java for Mac OS X 10.5 Update 5
File : nvt/macosx_java_for_10_5_upd_5.nasl
2009-11-17 Name : RedHat Security Advisory RHSA-2009:1582
File : nvt/RHSA_2009_1582.nasl
2009-11-11 Name : SLES11: Security update for IBM Java 1.6.0
File : nvt/sles11_java-1_6_0-ibm1.nasl
2009-10-27 Name : SuSE Security Summary SUSE-SR:2009:017
File : nvt/suse_sr_2009_017.nasl
2009-10-19 Name : RedHat Security Advisory RHSA-2009:1505
File : nvt/RHSA_2009_1505.nasl
2009-10-19 Name : SuSE Security Summary SUSE-SR:2009:016
File : nvt/suse_sr_2009_016.nasl
2009-10-13 Name : SLES10: Security update for Java 1.4.2
File : nvt/sles10_java-1_4_2-sun0.nasl
2009-10-13 Name : SLES10: Security update for Sun Java 1.4.2
File : nvt/sles10_java-1_4_2-sun.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 1.4.2
File : nvt/sles10_java-1_4_2-ibm3.nasl
2009-10-13 Name : SLES10: Security update for Sun Java
File : nvt/sles10_java-1_4_2-sun1.nasl
2009-10-13 Name : SLES10: Security update for IBM Java
File : nvt/sles10_java-1_4_2-ibm2.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 1.4.2
File : nvt/sles10_java-1_4_2-ibm1.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 1.4.2
File : nvt/sles10_java-1_4_2-ibm0.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 1.4.2
File : nvt/sles10_java-1_4_2-ibm.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 5
File : nvt/sles10_java-1_5_0-ibm.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 1.5.0
File : nvt/sles10_java-1_5_0-ibm2.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 1.5
File : nvt/sles10_java-1_5_0-ibm3.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 1.5.0
File : nvt/sles10_java-1_5_0-ibm4.nasl
2009-10-11 Name : SLES11: Security update for IBM Java 1.6.0
File : nvt/sles11_java-1_6_0-ibm.nasl
2009-10-11 Name : SLES11: Security update for IBM Java 1.4.2
File : nvt/sles11_java-1_4_2-ibm0.nasl
2009-10-11 Name : SLES11: Security update for IBM Java 1.4.2
File : nvt/sles11_java-1_4_2-ibm.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2012-A-0136 Multiple Vulnerabilities in Juniper Network Management Products
Severity: Category I - VMSKEY: V0033662
2009-A-0105 Multiple Vulnerabilities in VMware Products
Severity: Category I - VMSKEY: V0021867

Snort® IPS/IDS

Date Description
2014-01-10 Oracle Java Web Start JNLP j2se key value buffer overflow attempt
RuleID : 24906 - Type : FILE-JAVA - Revision : 6
2014-01-10 Oracle Java Web Start JNLP j2se key value buffer overflow attempt
RuleID : 24905 - Type : FILE-JAVA - Revision : 6
2014-01-10 Oracle Java Web Start JNLP j2se key value buffer overflow attempt
RuleID : 24904 - Type : FILE-JAVA - Revision : 6
2014-01-10 Phoenix exploit kit post-compromise behavior
RuleID : 21860 - Type : MALWARE-CNC - Revision : 5
2014-01-10 Phoenix exploit kit landing page
RuleID : 21640 - Type : EXPLOIT-KIT - Revision : 6
2014-01-10 Oracle Java calendar deserialize vulnerability
RuleID : 20238 - Type : SERVER-OTHER - Revision : 5
2014-01-10 Oracle Java Web Start JNLP j2se key value buffer overflow attempt
RuleID : 17631 - Type : FILE-JAVA - Revision : 14
2014-01-10 Oracle Java Runtime Environment JAR File Processing Stack Buffer Overflow
RuleID : 17563 - Type : FILE-JAVA - Revision : 12
2014-01-10 Oracle Java Runtime Environment Pack200 Decompression Integer Overflow attempt
RuleID : 17562 - Type : FILE-JAVA - Revision : 13
2014-01-10 Oracle Java Web Start Splashscreen GIF decoding buffer overflow attempt
RuleID : 17395 - Type : FILE-IMAGE - Revision : 14
2014-01-10 Oracle Java Web Start JNLP attribute buffer overflow attempt
RuleID : 13950 - Type : FILE-JAVA - Revision : 14

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2016-03-08 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2010-0002_remote.nasl - Type: ACT_GATHER_INFO
2016-03-03 Name: The remote host is missing a security-related patch.
File: vmware_VMSA-2009-0014_remote.nasl - Type: ACT_GATHER_INFO
2016-03-03 Name: The remote host is missing a security-related patch.
File: vmware_VMSA-2009-0016_remote.nasl - Type: ACT_GATHER_INFO
2013-09-13 Name: The remote host is affected by multiple vulnerabilities.
File: juniper_nsm_psn_2012_08_689.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2009-1201.nasl - Type: ACT_GATHER_INFO
2013-02-22 Name: The remote Unix host has an application that is affected by multiple vulnerab...
File: sun_java_j2se_4_2_18_unix.nasl - Type: ACT_GATHER_INFO
2013-02-22 Name: The remote Unix host has an application that may allow arbitrary command inje...
File: sun_java_jre_102993_unix.nasl - Type: ACT_GATHER_INFO
2013-02-22 Name: The remote Unix host contains a runtime environment that is affected by multi...
File: sun_java_jre_244986_unix.nasl - Type: ACT_GATHER_INFO
2013-02-22 Name: The remote Unix host contains a runtime environment that is affected by multi...
File: sun_java_jre_263408_unix.nasl - Type: ACT_GATHER_INFO
2013-02-22 Name: The remote Unix host has an application that is affected by multiple vulnerab...
File: sun_java_jre_5_16_unix.nasl - Type: ACT_GATHER_INFO
2013-02-22 Name: The remote Unix host has an application that is affected by multiple vulnerab...
File: sun_java_jre_6_7_unix.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0245.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0267.nasl - Type: ACT_GATHER_INFO
2013-01-24 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0594.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20080714_java__jdk_1_5_0__on_SL4_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20090117_java__jdk_1_6_0__on_SL4_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20090806_java_1_6_0_openjdk_on_SL5_3.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20090824_java__jdk_1_6_0__on_SL4_x.nasl - Type: ACT_GATHER_INFO
2011-04-23 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2009-1662.nasl - Type: ACT_GATHER_INFO
2010-10-11 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_java-1_4_2-ibm-6523.nasl - Type: ACT_GATHER_INFO
2010-03-31 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2010-0002.nasl - Type: ACT_GATHER_INFO
2010-01-15 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2010-0043.nasl - Type: ACT_GATHER_INFO
2010-01-10 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0636.nasl - Type: ACT_GATHER_INFO
2010-01-10 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2009-0466.nasl - Type: ACT_GATHER_INFO
2010-01-06 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2009-1201.nasl - Type: ACT_GATHER_INFO