Executive Summary
Summary | |
---|---|
Title | Sun Alert 254608 Security Vulnerabilities in the Java Runtime Environment (JRE) With Storing and Processing Font Files May Allow Denial of Service (DOS) |
Informations | |||
---|---|---|---|
Name | SUN-254608 | First vendor Publication | 2009-03-24 |
Vendor | Sun | Last vendor Modification | 2009-03-24 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Java Platform, Standard Edition (Java SE) Two security vulnerabilities in the Java Runtime Environment (JRE) with storing and processing temporary font files may allow an untrusted applet or Java Web Start application to consume a disproportionate amount of disk space resulting in a Denial of Service (DoS) condition. Sun acknowledges with thanks, Marc Schoenefeld for bringing the first issue to our attention. State: Resolved First released: 24-Mar-2009 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_254608_security_vulnerabilities |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6224 | |||
Oval ID: | oval:org.mitre.oval:def:6224 | ||
Title: | Java Runtime Environment (JRE) Flaws in Storing and Processing Temporary Font Files Let Remote Users Deny Service | ||
Description: | Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) "limits on Font creation," aka CR 6522586, and (2) another unspecified vector, aka CR 6632886. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1100 | Version: | 3 |
Platform(s): | VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-28 | Name : Java for Mac OS X 10.5 Update 4 File : nvt/macosx_java_for_10_5_upd_4.nasl |
2009-12-03 | Name : SLES9: Security update for IBM Java2 and SDK File : nvt/sles9p5063230.nasl |
2009-12-03 | Name : SLES10: Security update for IBM Java 1.4.2 File : nvt/sles10_java-1_4_2-ibm4.nasl |
2009-12-03 | Name : SLES11: Security update for IBM Java 1.4.2 File : nvt/sles11_java-1_4_2-ibm1.nasl |
2009-10-13 | Name : SLES10: Security update for IBM Java 5 File : nvt/sles10_java-1_5_0-ibm1.nasl |
2009-10-11 | Name : SLES11: Security update for IBM Java 1.6.0 File : nvt/sles11_java-1_6_0-ibm0.nasl |
2009-10-10 | Name : SLES9: Security update for IBM Java 5 JRE and IBM Java 5 SDK File : nvt/sles9p5050060.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1198 File : nvt/RHSA_2009_1198.nasl |
2009-06-15 | Name : SuSE Security Summary SUSE-SR:2009:011 File : nvt/suse_sr_2009_011.nasl |
2009-06-05 | Name : Ubuntu USN-744-1 (lcms) File : nvt/ubuntu_744_1.nasl |
2009-06-05 | Name : Ubuntu USN-743-1 (gs-gpl) File : nvt/ubuntu_743_1.nasl |
2009-06-01 | Name : HP-UX Update for Java HPSBUX02429 File : nvt/gb_hp_ux_HPSBUX02429.nasl |
2009-05-20 | Name : RedHat Security Advisory RHSA-2009:1038 File : nvt/RHSA_2009_1038.nasl |
2009-04-23 | Name : Sun Java JDK/JRE Multiple Vulnerabilities (Win) File : nvt/gb_sun_java_jre_dos_vuln_win.nasl |
2009-04-23 | Name : Sun Java JRE Multiple Vulnerabilities (Linux) File : nvt/gb_sun_java_jre_dos_vuln_lin.nasl |
2009-04-06 | Name : Ubuntu USN-746-1 (xine-lib) File : nvt/ubuntu_746_1.nasl |
2009-04-06 | Name : Ubuntu USN-747-1 (icu) File : nvt/ubuntu_747_1.nasl |
2009-04-06 | Name : Ubuntu USN-748-1 (openjdk-6) File : nvt/ubuntu_748_1.nasl |
2009-04-06 | Name : SuSE Security Advisory SUSE-SA:2009:016 (Sun Java 5 and 6) File : nvt/suse_sa_2009_016.nasl |
2009-03-31 | Name : RedHat Security Advisory RHSA-2009:0394 File : nvt/RHSA_2009_0394.nasl |
2009-03-31 | Name : RedHat Security Advisory RHSA-2009:0392 File : nvt/RHSA_2009_0392.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
53171 | Sun Java JDK / JRE Temporary Font File Unspecified Disk Consumption DoS (6632... |
53170 | Sun Java JDK / JRE Temporary Font File Creation Limit Unspecified Disk Consum... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-10-22 | IAVM : 2009-A-0105 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0021867 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0002_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0014_remote.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host contains a runtime environment that is affected by multi... File : sun_java_jre_254569_unix.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090326_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-04-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1662.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-6647.nasl - Type : ACT_GATHER_INFO |
2010-03-31 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0002.nasl - Type : ACT_GATHER_INFO |
2010-01-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0043.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-091106.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-6648.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12531.nasl - Type : ACT_GATHER_INFO |
2009-11-23 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO |
2009-11-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO |
2009-10-19 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2009-0014.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12422.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-6253.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-090629.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-090327.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1198.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1038.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0394.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0392.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-090327.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-090328.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_5_0-sun-090328.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_5_0-sun-090327.nasl - Type : ACT_GATHER_INFO |
2009-07-09 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_rel9.nasl - Type : ACT_GATHER_INFO |
2009-06-17 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update4.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-748-1.nasl - Type : ACT_GATHER_INFO |
2009-04-01 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-6125.nasl - Type : ACT_GATHER_INFO |
2009-04-01 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_6_0-sun-6128.nasl - Type : ACT_GATHER_INFO |
2009-03-27 | Name : The remote Windows host contains a runtime environment that is affected by mu... File : sun_java_jre_254569.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris9_118667.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris8_118667.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote host is missing Sun Security Patch number 118667-86 File : solaris10_118667.nasl - Type : ACT_GATHER_INFO |