7.5 - SUN-254611

Executive Summary

Summary
Title	Sun Alert 254611 Multiple Security Vulnerabilities in Java Plug-in May Allow Privileges to be Escalated

Informations
Name	SUN-254611	First vendor Publication	2009-03-24
Vendor	Sun	Last vendor Modification	2010-01-20
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Sun Java Standard Edition (Java SE)

CR 6646860: A security vulnerability in the Java Plug-in withdeserializing applets may allow an untrusted applet to escalateprivileges. For example, an untrusted applet may grant itselfpermissions to read and write local files or execute local applicationsthat are accessible to the user running the untrusted applet.

CR 6724331: The Java Plug-in allows Javascript code that is loaded fromthe localhost to connect to any port on the system. This may beleveraged together with XSS vulnerabilities in a blended attack toillegally access other applications listening on ports other than theone where the Javascript code was served from.

CR 6706490: The Java Plug-in allows a trusted applet to be launched onan earlier version of the Java Runtime Environment (JRE) provided theuser that downloaded the applet allows it to run on the requestedrelease. A vulnerability allows Javascript code that is present in thesame web page as the applet to exploit known vulnerabilities of therequested JRE.

CR 6798948: A security vulnerability in the Java Plug-in with parsingcrossdomain.xml files may allow an untrusted applet to connect to anysite that provides a crossdomain.xml file instead of sites that allowthe domain that the applet is running on.

CR 6782871: A security vulnerability in the Java Plug-in may allow asigned applet to obscure the contents of the security dialog andthereby trick a user into trusting the applet.

Sun acknowledges with thanks: Gregory Fleischer (for CR 6798948) andMichael Schierl (for CR 6782871).

State: Resolved

First released: 24-Mar-2009

Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_254611_multiple_security

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-20	Improper Input Validation
50 %	CWE-16	Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21833

Oval ID:	oval:org.mitre.oval:def:21833
Title:	ELSA-2009:0392: java-1.6.0-sun security update (Critical)
Description:	The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:0392-01 CVE-2006-2426 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1101 CVE-2009-1102 CVE-2009-1103 CVE-2009-1104 CVE-2009-1105 CVE-2009-1106 CVE-2009-1107	Version:	69
Platform(s):	Oracle Linux 5	Product(s):	java-1.6.0-sun
Definition Synopsis:
Oracle Linux 5.x rpm test java-1.6.0-sun-jdbc is earlier than 1:1.6.0.13-1jpp.1.el5 AND java-1.6.0-sun is earlier than 1:1.6.0.13-1jpp.1.el5 AND java-1.6.0-sun-demo is earlier than 1:1.6.0.13-1jpp.1.el5 AND java-1.6.0-sun-plugin is earlier than 1:1.6.0.13-1jpp.1.el5 AND java-1.6.0-sun-src is earlier than 1:1.6.0.13-1jpp.1.el5 AND java-1.6.0-sun-devel is earlier than 1:1.6.0.13-1jpp.1.el5

Definition Id: oval:org.mitre.oval:def:22708

Oval ID:	oval:org.mitre.oval:def:22708
Title:	ELSA-2009:0394: java-1.5.0-sun security update (Critical)
Description:	The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:0394-01 CVE-2006-2426 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1103 CVE-2009-1104 CVE-2009-1107	Version:	49
Platform(s):	Oracle Linux 5	Product(s):	java-1.5.0-sun
Definition Synopsis:
Oracle Linux 5.x rpm test java-1.5.0-sun-plugin is earlier than 0:1.5.0.18-1jpp.1.el5 AND java-1.5.0-sun is earlier than 0:1.5.0.18-1jpp.1.el5 AND java-1.5.0-sun-jdbc is earlier than 0:1.5.0.18-1jpp.1.el5 AND java-1.5.0-sun-demo is earlier than 0:1.5.0.18-1jpp.1.el5 AND java-1.5.0-sun-devel is earlier than 0:1.5.0.18-1jpp.1.el5 AND java-1.5.0-sun-src is earlier than 0:1.5.0.18-1jpp.1.el5

Definition Id: oval:org.mitre.oval:def:22725

Oval ID:	oval:org.mitre.oval:def:22725
Title:	ELSA-2009:1038: java-1.5.0-ibm security update (Critical)
Description:	The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:1038-01 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1101 CVE-2009-1103 CVE-2009-1104 CVE-2009-1105 CVE-2009-1106 CVE-2009-1107	Version:	61
Platform(s):	Oracle Linux 5	Product(s):	java-1.5.0-ibm
Definition Synopsis:
Oracle Linux 5.x rpm test java-1.5.0-ibm-jdbc is earlier than 1:1.5.0.9-1jpp.3.el5 AND java-1.5.0-ibm is earlier than 1:1.5.0.9-1jpp.3.el5 AND java-1.5.0-ibm-accessibility is earlier than 1:1.5.0.9-1jpp.3.el5 AND java-1.5.0-ibm-src is earlier than 1:1.5.0.9-1jpp.3.el5 AND java-1.5.0-ibm-plugin is earlier than 1:1.5.0.9-1jpp.3.el5 AND java-1.5.0-ibm-devel is earlier than 1:1.5.0.9-1jpp.3.el5 AND java-1.5.0-ibm-demo is earlier than 1:1.5.0.9-1jpp.3.el5 AND java-1.5.0-ibm-javacomm is earlier than 1:1.5.0.9-1jpp.3.el5

Definition Id: oval:org.mitre.oval:def:22876

Oval ID:	oval:org.mitre.oval:def:22876
Title:	ELSA-2009:1198: java-1.6.0-ibm security update (Critical)
Description:	The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:1198-02 CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1101 CVE-2009-1103 CVE-2009-1104 CVE-2009-1105 CVE-2009-1106 CVE-2009-1107	Version:	61
Platform(s):	Oracle Linux 5	Product(s):	java-1.6.0-ibm
Definition Synopsis:
Oracle Linux 5.x rpm test java-1.6.0-ibm-javacomm is earlier than 1:1.6.0.5-1jpp.1.el5 AND java-1.6.0-ibm is earlier than 1:1.6.0.5-1jpp.1.el5 AND java-1.6.0-ibm-devel is earlier than 1:1.6.0.5-1jpp.1.el5 AND java-1.6.0-ibm-accessibility is earlier than 1:1.6.0.5-1jpp.1.el5 AND java-1.6.0-ibm-demo is earlier than 1:1.6.0.5-1jpp.1.el5 AND java-1.6.0-ibm-src is earlier than 1:1.6.0.5-1jpp.1.el5 AND java-1.6.0-ibm-plugin is earlier than 1:1.6.0.5-1jpp.1.el5 AND java-1.6.0-ibm-jdbc is earlier than 1:1.6.0.5-1jpp.1.el5

Definition Id: oval:org.mitre.oval:def:6542

Oval ID:	oval:org.mitre.oval:def:6542
Title:	Java Plug-in Bugs Lets Remote Users Gain Privileges
Description:	Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1103	Version:	3
Platform(s):	VMWare ESX Server 3.5 VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
IF VMware ESX Server 3.5.0 is installed AND Patch ESX350-200910403-SG is not installed OR VMware ESX Server 4.0 is installed AND Patch ESX400-200911223-UG is not installed

Definition Id: oval:org.mitre.oval:def:6584

Oval ID:	oval:org.mitre.oval:def:6584
Title:	Sun Java Runtime Environment Java Plug-in Javascript code unauthorized access
Description:	The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1104	Version:	3
Platform(s):	VMWare ESX Server 3.5 VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
IF VMware ESX Server 3.5.0 is installed AND Patch ESX350-200910403-SG is not installed OR VMware ESX Server 4.0 is installed AND Patch ESX400-200911223-UG is not installed

Definition Id: oval:org.mitre.oval:def:6585

Oval ID:	oval:org.mitre.oval:def:6585
Title:	Sun Java Runtime Environment Java Plug-in signed applet unauthorized access
Description:	The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1107	Version:	3
Platform(s):	VMWare ESX Server 3.5 VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
IF VMware ESX Server 3.5.0 is installed AND Patch ESX350-200910403-SG is not installed OR VMware ESX Server 4.0 is installed AND Patch ESX400-200911223-UG is not installed

Definition Id: oval:org.mitre.oval:def:6619

Oval ID:	oval:org.mitre.oval:def:6619
Title:	Sun Java Runtime Environment Java Plug-in crossdomain.xml information disclosure
Description:	The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1106	Version:	3
Platform(s):	VMWare ESX Server 3.5 VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
IF VMware ESX Server 3.5.0 is installed AND Patch ESX350-200910403-SG is not installed OR VMware ESX Server 4.0 is installed AND Patch ESX400-200911223-UG is not installed

Definition Id: oval:org.mitre.oval:def:6642

Oval ID:	oval:org.mitre.oval:def:6642
Title:	Sun Java Runtime Environment Java Plug-in weak security
Description:	The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1105	Version:	3
Platform(s):	VMWare ESX Server 3.5 VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
IF VMware ESX Server 3.5.0 is installed AND Patch ESX350-200910403-SG is not installed OR VMware ESX Server 4.0 is installed AND Patch ESX400-200911223-UG is not installed

CPE : Common Platform Enumeration

Type	Description	Count
Application	Sun Java cpe:2.3:a:sun:java::::::::	1
Application	Sun Jdk cpe:2.3:a:sun:jdk:1.6.0:update_10:::::: cpe:2.3:a:sun:jdk:1.6.0:update_12:::::: cpe:2.3:a:sun:jdk:1.6.0:update_11::::::	3
Application	Sun Jre cpe:2.3:a:sun:jre:1.6.0:update_10:::::: cpe:2.3:a:sun:jre:1.6.0:update_11:::::: cpe:2.3:a:sun:jre:1.6.0:update_12::::::	3

OpenVAS Exploits

Date	Description
2010-05-28	Name : Java for Mac OS X 10.5 Update 4 File : nvt/macosx_java_for_10_5_upd_4.nasl
2010-05-28	Name : Java for Mac OS X 10.6 Update 2 File : nvt/macosx_java_for_10_6_upd_2.nasl
2009-10-13	Name : SLES10: Security update for IBM Java 5 File : nvt/sles10_java-1_5_0-ibm1.nasl
2009-10-11	Name : SLES11: Security update for IBM Java 1.6.0 File : nvt/sles11_java-1_6_0-ibm0.nasl
2009-10-10	Name : SLES9: Security update for IBM Java 5 JRE and IBM Java 5 SDK File : nvt/sles9p5050060.nasl
2009-08-17	Name : RedHat Security Advisory RHSA-2009:1198 File : nvt/RHSA_2009_1198.nasl
2009-06-15	Name : SuSE Security Summary SUSE-SR:2009:011 File : nvt/suse_sr_2009_011.nasl
2009-06-01	Name : HP-UX Update for Java HPSBUX02429 File : nvt/gb_hp_ux_HPSBUX02429.nasl
2009-05-20	Name : RedHat Security Advisory RHSA-2009:1038 File : nvt/RHSA_2009_1038.nasl
2009-04-23	Name : Sun Java JRE Multiple Vulnerabilities (Linux) File : nvt/gb_sun_java_jre_dos_vuln_lin.nasl
2009-04-23	Name : Sun Java JDK/JRE Multiple Vulnerabilities (Win) File : nvt/gb_sun_java_jre_dos_vuln_win.nasl
2009-04-06	Name : SuSE Security Advisory SUSE-SA:2009:016 (Sun Java 5 and 6) File : nvt/suse_sa_2009_016.nasl
2009-03-31	Name : RedHat Security Advisory RHSA-2009:0392 File : nvt/RHSA_2009_0392.nasl
2009-03-31	Name : RedHat Security Advisory RHSA-2009:0394 File : nvt/RHSA_2009_0394.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
53178	Sun Java JDK / JRE Java Plug-in Swing JLabel HTML Parsing Signed Applet Trust...
53177	Sun Java JDK / JRE Java Plug-in crossdomain.xml Parsing Restriction Bypass
53176	Sun Java JDK / JRE Java Plug-in Applet Execution Version Regression Weakness
53175	Sun Java JDK / JRE Java Plug-in LiveConnect Localhost Restriction Bypass
53174	Sun Java JDK / JRE Java Plug-in Deserializing Applets Unspecified Remote Priv...

Information Assurance Vulnerability Management (IAVM)

Date	Description
2009-10-22	IAVM : 2009-A-0105 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0021867

Nessus® Vulnerability Scanner

Date	Description
2016-03-08	Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0002_remote.nasl - Type : ACT_GATHER_INFO
2016-03-03	Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0014_remote.nasl - Type : ACT_GATHER_INFO
2016-03-03	Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO
2013-02-22	Name : The remote Unix host contains a runtime environment that is affected by multi... File : sun_java_jre_254569_unix.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090326_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-04-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1662.nasl - Type : ACT_GATHER_INFO
2010-05-19	Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update2.nasl - Type : ACT_GATHER_INFO
2010-03-31	Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0002.nasl - Type : ACT_GATHER_INFO
2010-01-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0043.nasl - Type : ACT_GATHER_INFO
2009-11-23	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-11-18	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO
2009-10-19	Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-6253.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-090327.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-090629.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12422.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1198.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1038.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0394.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0392.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-090328.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_5_0-sun-090327.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-090327.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_5_0-sun-090328.nasl - Type : ACT_GATHER_INFO
2009-07-09	Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_rel9.nasl - Type : ACT_GATHER_INFO
2009-06-17	Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update4.nasl - Type : ACT_GATHER_INFO
2009-04-01	Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-6125.nasl - Type : ACT_GATHER_INFO
2009-04-01	Name : The remote openSUSE host is missing a security update. File : suse_java-1_6_0-sun-6128.nasl - Type : ACT_GATHER_INFO
2009-03-27	Name : The remote Windows host contains a runtime environment that is affected by mu... File : sun_java_jre_254569.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris9_x86_125139.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris9_125137.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris8_x86_125139.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris8_125137.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125139-97 File : solaris10_x86_125139.nasl - Type : ACT_GATHER_INFO
2007-10-12	Name : The remote host is missing Sun Security Patch number 125137-97 File : solaris10_125137.nasl - Type : ACT_GATHER_INFO
2005-09-06	Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris9_x86_118669.nasl - Type : ACT_GATHER_INFO
2005-09-06	Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris8_x86_118669.nasl - Type : ACT_GATHER_INFO
2005-09-06	Name : The remote host is missing Sun Security Patch number 118669-86 File : solaris10_x86_118669.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	9
CPE ID(s)	7
osvdb(s)	5
Openvas Exploit(s)	14
IAVM(s)	1
Nessus® Exploit(s)	38

	Related
7.5	CVE-2009-1105
6.4	CVE-2009-1106
6.4	CVE-2009-1103
5.8	CVE-2009-1104
4.3	CVE-2009-1107
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 5 more Alert(s)