Executive Summary

Informations
Name CVE-2009-1094 First vendor Publication 2009-03-25
Vendor Cve Last vendor Modification 2018-10-10

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11064
 
Oval ID: oval:org.mitre.oval:def:11064
Title: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.
Description: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1094
 Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6598
 
Oval ID: oval:org.mitre.oval:def:6598
Title: Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
Description: Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1094
 Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 321
Application 356
Application 95

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for java CESA-2009:0377 centos5 i386
File : nvt/gb_CESA-2009_0377_java_centos5_i386.nasl
2010-05-28 Name : Java for Mac OS X 10.5 Update 4
File : nvt/macosx_java_for_10_5_upd_4.nasl
2009-11-23 Name : Gentoo Security Advisory GLSA 200911-02 (sun-jre-bin sun-jdk emul-linux-x86-j...
File : nvt/glsa_200911_02.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 5
File : nvt/sles10_java-1_5_0-ibm1.nasl
2009-10-11 Name : SLES11: Security update for IBM Java 1.6.0
File : nvt/sles11_java-1_6_0-ibm0.nasl
2009-10-10 Name : SLES9: Security update for IBM Java 5 JRE and IBM Java 5 SDK
File : nvt/sles9p5050060.nasl
2009-08-17 Name : RedHat Security Advisory RHSA-2009:1198
File : nvt/RHSA_2009_1198.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)
File : nvt/mdksa_2009_162.nasl
2009-06-23 Name : Mandrake Security Advisory MDVSA-2009:137 (java-1.6.0-openjdk)
File : nvt/mdksa_2009_137.nasl
2009-06-15 Name : SuSE Security Summary SUSE-SR:2009:011
File : nvt/suse_sr_2009_011.nasl
2009-06-05 Name : Ubuntu USN-744-1 (lcms)
File : nvt/ubuntu_744_1.nasl
2009-06-05 Name : Ubuntu USN-743-1 (gs-gpl)
File : nvt/ubuntu_743_1.nasl
2009-06-01 Name : HP-UX Update for Java HPSBUX02429
File : nvt/gb_hp_ux_HPSBUX02429.nasl
2009-05-20 Name : RedHat Security Advisory RHSA-2009:1038
File : nvt/RHSA_2009_1038.nasl
2009-04-23 Name : Sun Java JDK/JRE Multiple Vulnerabilities (Win)
File : nvt/gb_sun_java_jre_dos_vuln_win.nasl
2009-04-23 Name : Sun Java JRE Multiple Vulnerabilities (Linux)
File : nvt/gb_sun_java_jre_dos_vuln_lin.nasl
2009-04-15 Name : CentOS Security Advisory CESA-2009:0377 (java-1.6.0-openjdk)
File : nvt/ovcesa2009_0377.nasl
2009-04-15 Name : Debian Security Advisory DSA 1769-1 (openjdk-6)
File : nvt/deb_1769_1.nasl
2009-04-15 Name : RedHat Security Advisory RHSA-2009:0377
File : nvt/RHSA_2009_0377.nasl
2009-04-06 Name : Ubuntu USN-746-1 (xine-lib)
File : nvt/ubuntu_746_1.nasl
2009-04-06 Name : Ubuntu USN-747-1 (icu)
File : nvt/ubuntu_747_1.nasl
2009-04-06 Name : Ubuntu USN-748-1 (openjdk-6)
File : nvt/ubuntu_748_1.nasl
2009-04-06 Name : SuSE Security Advisory SUSE-SA:2009:016 (Sun Java 5 and 6)
File : nvt/suse_sa_2009_016.nasl
2009-03-31 Name : RedHat Security Advisory RHSA-2009:0394
File : nvt/RHSA_2009_0394.nasl
2009-03-31 Name : RedHat Security Advisory RHSA-2009:0392
File : nvt/RHSA_2009_0392.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
53165 Sun Java JDK / JRE LDAP Implementation Serialized Data Unspecified Arbitrary ...

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-10-22 IAVM : 2009-A-0105 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0021867

Nessus® Vulnerability Scanner

Date Description
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0002_remote.nasl - Type : ACT_GATHER_INFO
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0014_remote.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0377.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a runtime environment that is affected by multi...
File : sun_java_jre_254569_unix.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090326_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-04-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1662.nasl - Type : ACT_GATHER_INFO
2010-03-31 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0002.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0043.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0377.nasl - Type : ACT_GATHER_INFO
2009-11-23 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-11-18 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO
2009-10-19 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-6253.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-sun-090327.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-090629.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12422.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1198.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1038.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0394.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0392.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_5_0-sun-090327.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-sun-090327.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_5_0-sun-090328.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-sun-090328.nasl - Type : ACT_GATHER_INFO
2009-07-09 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_rel9.nasl - Type : ACT_GATHER_INFO
2009-06-21 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-137.nasl - Type : ACT_GATHER_INFO
2009-06-17 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update4.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-748-1.nasl - Type : ACT_GATHER_INFO
2009-04-13 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1769.nasl - Type : ACT_GATHER_INFO
2009-04-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0377.nasl - Type : ACT_GATHER_INFO
2009-04-01 Name : The remote openSUSE host is missing a security update.
File : suse_java-1_6_0-sun-6128.nasl - Type : ACT_GATHER_INFO
2009-04-01 Name : The remote openSUSE host is missing a security update.
File : suse_java-1_5_0-sun-6125.nasl - Type : ACT_GATHER_INFO
2009-03-27 Name : The remote Windows host contains a runtime environment that is affected by mu...
File : sun_java_jre_254569.nasl - Type : ACT_GATHER_INFO
2005-08-18 Name : The remote host is missing Sun Security Patch number 118667-86
File : solaris9_118667.nasl - Type : ACT_GATHER_INFO
2005-08-18 Name : The remote host is missing Sun Security Patch number 118667-86
File : solaris8_118667.nasl - Type : ACT_GATHER_INFO
2005-08-18 Name : The remote host is missing Sun Security Patch number 118667-86
File : solaris10_118667.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/34240
BUGTRAQ http://www.securityfocus.com/archive/1/507985/100/0/threaded
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm
http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
DEBIAN http://www.debian.org/security/2009/dsa-1769
GENTOO http://security.gentoo.org/glsa/glsa-200911-02.xml
HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=...
http://marc.info/?l=bugtraq&m=124344236532162&w=2
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2009:137
http://www.mandriva.com/security/advisories?name=MDVSA-2009:162
MISC http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-19-1
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://www.redhat.com/support/errata/RHSA-2009-0392.html
http://www.redhat.com/support/errata/RHSA-2009-0394.html
http://www.redhat.com/support/errata/RHSA-2009-1038.html
https://rhn.redhat.com/errata/RHSA-2009-0377.html
https://rhn.redhat.com/errata/RHSA-2009-1198.html
SECTRACK http://www.securitytracker.com/id?1021893
SECUNIA http://secunia.com/advisories/34489
http://secunia.com/advisories/34495
http://secunia.com/advisories/34496
http://secunia.com/advisories/34632
http://secunia.com/advisories/34675
http://secunia.com/advisories/35156
http://secunia.com/advisories/35223
http://secunia.com/advisories/35255
http://secunia.com/advisories/35416
http://secunia.com/advisories/35776
http://secunia.com/advisories/36185
http://secunia.com/advisories/37386
http://secunia.com/advisories/37460
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-66-254569-1
SUSE http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html
UBUNTU http://www.ubuntu.com/usn/usn-748-1
VUPEN http://www.vupen.com/english/advisories/2009/1426
http://www.vupen.com/english/advisories/2009/1900
http://www.vupen.com/english/advisories/2009/3316

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
Date Informations
2024-02-02 01:10:47
  • Multiple Updates
2024-02-01 12:03:02
  • Multiple Updates
2023-09-05 12:10:05
  • Multiple Updates
2023-09-05 01:02:53
  • Multiple Updates
2023-09-02 12:10:11
  • Multiple Updates
2023-09-02 01:02:54
  • Multiple Updates
2023-08-12 12:11:54
  • Multiple Updates
2023-08-12 01:02:54
  • Multiple Updates
2023-08-11 12:10:13
  • Multiple Updates
2023-08-11 01:03:00
  • Multiple Updates
2023-08-06 12:09:49
  • Multiple Updates
2023-08-06 01:02:55
  • Multiple Updates
2023-08-04 12:09:54
  • Multiple Updates
2023-08-04 01:02:58
  • Multiple Updates
2023-07-14 12:09:52
  • Multiple Updates
2023-07-14 01:02:55
  • Multiple Updates
2023-03-29 01:11:22
  • Multiple Updates
2023-03-28 12:03:02
  • Multiple Updates
2022-10-11 12:08:47
  • Multiple Updates
2022-10-11 01:02:45
  • Multiple Updates
2021-05-04 12:09:19
  • Multiple Updates
2021-04-22 01:09:39
  • Multiple Updates
2020-05-23 01:40:12
  • Multiple Updates
2020-05-23 00:23:33
  • Multiple Updates
2019-07-31 12:02:48
  • Multiple Updates
2019-03-18 12:02:04
  • Multiple Updates
2018-11-30 12:02:47
  • Multiple Updates
2018-10-11 00:19:33
  • Multiple Updates
2018-10-10 12:02:42
  • Multiple Updates
2017-09-29 09:24:08
  • Multiple Updates
2016-06-28 17:38:33
  • Multiple Updates
2016-04-26 18:43:38
  • Multiple Updates
2016-03-09 13:25:54
  • Multiple Updates
2016-03-04 13:26:24
  • Multiple Updates
2014-02-17 10:49:25
  • Multiple Updates
2013-11-11 12:38:14
  • Multiple Updates
2013-05-10 23:47:23
  • Multiple Updates