Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2009-3867
HistoryNov 05, 2009 - 4:30 p.m.

CVE-2009-3867

2009-11-0516:30:00
CWE-119
mitre
web.nvd.nist.gov
66
cve-2009-3867
stack-based buffer overflow
sun java se
remote code execution
url
cve

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.932

Percentile

99.1%

JSON

Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.

Affected configurations

Nvd
Node
sunjdkMatch1.5.0update_1
OR
sunjdkMatch1.5.0update_10
OR
sunjdkMatch1.5.0update_11
OR
sunjdkMatch1.5.0update_12
OR
sunjdkMatch1.5.0update_13
OR
sunjdkMatch1.5.0update_14
OR
sunjdkMatch1.5.0update_15
OR
sunjdkMatch1.5.0update_16
OR
sunjdkMatch1.5.0update_17
OR
sunjdkMatch1.5.0update_18
OR
sunjdkMatch1.5.0update_19
OR
sunjdkMatch1.5.0update_2
OR
sunjdkMatch1.5.0update_20
OR
sunjdkMatch1.5.0update_21
OR
sunjdkMatch1.5.0update_3
OR
sunjdkMatch1.5.0update_4
OR
sunjdkMatch1.5.0update_5
OR
sunjdkMatch1.5.0update_6
OR
sunjdkMatch1.5.0update_7
OR
sunjdkMatch1.5.0update_8
OR
sunjdkMatch1.5.0update_9
OR
sunjdkMatch1.6.0update_1
OR
sunjdkMatch1.6.0update_10
OR
sunjdkMatch1.6.0update_11
OR
sunjdkMatch1.6.0update_12
OR
sunjdkMatch1.6.0update_13
OR
sunjdkMatch1.6.0update_14
OR
sunjdkMatch1.6.0update_15
OR
sunjdkMatch1.6.0update_16
OR
sunjdkMatch1.6.0update_3
OR
sunjdkMatch1.6.0update_4
OR
sunjdkMatch1.6.0update_5
OR
sunjdkMatch1.6.0update_6
OR
sunjdkMatch1.6.0update_7
OR
sunjdkMatch1.6.0update_8
OR
sunjdkMatch1.6.0update_9
OR
sunjreMatch1.5.0update_1
OR
sunjreMatch1.5.0update_11
OR
sunjreMatch1.5.0update_12
OR
sunjreMatch1.5.0update_13
OR
sunjreMatch1.5.0update_14
OR
sunjreMatch1.5.0update_15
OR
sunjreMatch1.5.0update_16
OR
sunjreMatch1.5.0update_17
OR
sunjreMatch1.5.0update_18
OR
sunjreMatch1.5.0update_19
OR
sunjreMatch1.5.0update_2
OR
sunjreMatch1.5.0update_20
OR
sunjreMatch1.5.0update_21
OR
sunjreMatch1.5.0update_3
OR
sunjreMatch1.5.0update_4
OR
sunjreMatch1.5.0update_5
OR
sunjreMatch1.5.0update_6
OR
sunjreMatch1.5.0update_7
OR
sunjreMatch1.5.0update_8
OR
sunjreMatch1.5.0update_9
OR
sunjreMatch1.6.0update_1
OR
sunjreMatch1.6.0update_10
OR
sunjreMatch1.6.0update_11
OR
sunjreMatch1.6.0update_12
OR
sunjreMatch1.6.0update_13
OR
sunjreMatch1.6.0update_14
OR
sunjreMatch1.6.0update_15
OR
sunjreMatch1.6.0update_16
OR
sunjreMatch1.6.0update_2
OR
sunjreMatch1.6.0update_3
OR
sunjreMatch1.6.0update_4
OR
sunjreMatch1.6.0update_5
OR
sunjreMatch1.6.0update_6
OR
sunjreMatch1.6.0update_7
OR
sunjreMatch1.6.0update_8
OR
sunjreMatch1.6.0update_9
Node
sunjreMatch1.4.2_1
OR
sunjreMatch1.4.2_2
OR
sunjreMatch1.4.2_02
OR
sunjreMatch1.4.2_03
OR
sunjreMatch1.4.2_3
OR
sunjreMatch1.4.2_4
OR
sunjreMatch1.4.2_04
OR
sunjreMatch1.4.2_05
OR
sunjreMatch1.4.2_5
OR
sunjreMatch1.4.2_06
OR
sunjreMatch1.4.2_6
OR
sunjreMatch1.4.2_7
OR
sunjreMatch1.4.2_07
OR
sunjreMatch1.4.2_8
OR
sunjreMatch1.4.2_08
OR
sunjreMatch1.4.2_09
OR
sunjreMatch1.4.2_9
OR
sunjreMatch1.4.2_10
OR
sunjreMatch1.4.2_11
OR
sunjreMatch1.4.2_12
OR
sunjreMatch1.4.2_13
OR
sunjreMatch1.4.2_14
OR
sunjreMatch1.4.2_15
OR
sunjreMatch1.4.2_16
OR
sunjreMatch1.4.2_17
OR
sunjreMatch1.4.2_18
OR
sunjreMatch1.4.2_19
OR
sunjreMatch1.4.2_20
OR
sunjreMatch1.4.2_21
OR
sunjreMatch1.4.2_22
OR
sunsdkMatch1.4.2_01
OR
sunsdkMatch1.4.2_1
OR
sunsdkMatch1.4.2_2
OR
sunsdkMatch1.4.2_02
OR
sunsdkMatch1.4.2_03
OR
sunsdkMatch1.4.2_3
OR
sunsdkMatch1.4.2_04
OR
sunsdkMatch1.4.2_4
OR
sunsdkMatch1.4.2_5
OR
sunsdkMatch1.4.2_05
OR
sunsdkMatch1.4.2_6
OR
sunsdkMatch1.4.2_06
OR
sunsdkMatch1.4.2_07
OR
sunsdkMatch1.4.2_7
OR
sunsdkMatch1.4.2_8
OR
sunsdkMatch1.4.2_08
OR
sunsdkMatch1.4.2_09
OR
sunsdkMatch1.4.2_9
OR
sunsdkMatch1.4.2_10
OR
sunsdkMatch1.4.2_11
OR
sunsdkMatch1.4.2_12
OR
sunsdkMatch1.4.2_13
OR
sunsdkMatch1.4.2_14
OR
sunsdkMatch1.4.2_15
OR
sunsdkMatch1.4.2_16
OR
sunsdkMatch1.4.2_17
OR
sunsdkMatch1.4.2_18
OR
sunsdkMatch1.4.2_19
OR
sunsdkMatch1.4.2_20
OR
sunsdkMatch1.4.2_21
OR
sunsdkMatch1.4.2_22
AND
sunsolaris
Node
sunjreMatch1.3.1_1
OR
sunjreMatch1.3.1_01
OR
sunjreMatch1.3.1_01a
OR
sunjreMatch1.3.1_02
OR
sunjreMatch1.3.1_2
OR
sunjreMatch1.3.1_03
OR
sunjreMatch1.3.1_3
OR
sunjreMatch1.3.1_4
OR
sunjreMatch1.3.1_04
OR
sunjreMatch1.3.1_05
OR
sunjreMatch1.3.1_5
OR
sunjreMatch1.3.1_06
OR
sunjreMatch1.3.1_6
OR
sunjreMatch1.3.1_07
OR
sunjreMatch1.3.1_7
OR
sunjreMatch1.3.1_8
OR
sunjreMatch1.3.1_08
OR
sunjreMatch1.3.1_9
OR
sunjreMatch1.3.1_09
OR
sunjreMatch1.3.1_10
OR
sunjreMatch1.3.1_11
OR
sunjreMatch1.3.1_12
OR
sunjreMatch1.3.1_13
OR
sunjreMatch1.3.1_14
OR
sunjreMatch1.3.1_15
OR
sunjreMatch1.3.1_16
OR
sunjreMatch1.3.1_17
OR
sunjreMatch1.3.1_18
OR
sunjreMatch1.3.1_19
OR
sunjreMatch1.3.1_20
OR
sunjreMatch1.3.1_21
OR
sunjreMatch1.3.1_22
OR
sunjreMatch1.3.1_23
OR
sunjreMatch1.3.1_24
OR
sunjreMatch1.3.1_25
OR
sunsdkMatch1.3.1_01
OR
sunsdkMatch1.3.1_01a
OR
sunsdkMatch1.3.1_2
OR
sunsdkMatch1.3.1_02
OR
sunsdkMatch1.3.1_03
OR
sunsdkMatch1.3.1_3
OR
sunsdkMatch1.3.1_4
OR
sunsdkMatch1.3.1_04
OR
sunsdkMatch1.3.1_5
OR
sunsdkMatch1.3.1_05
OR
sunsdkMatch1.3.1_6
OR
sunsdkMatch1.3.1_06
OR
sunsdkMatch1.3.1_7
OR
sunsdkMatch1.3.1_07
OR
sunsdkMatch1.3.1_8
OR
sunsdkMatch1.3.1_08
OR
sunsdkMatch1.3.1_9
OR
sunsdkMatch1.3.1_09
OR
sunsdkMatch1.3.1_10
OR
sunsdkMatch1.3.1_11
OR
sunsdkMatch1.3.1_12
OR
sunsdkMatch1.3.1_13
OR
sunsdkMatch1.3.1_14
OR
sunsdkMatch1.3.1_15
OR
sunsdkMatch1.3.1_16
OR
sunsdkMatch1.3.1_17
OR
sunsdkMatch1.3.1_18
OR
sunsdkMatch1.3.1_19
OR
sunsdkMatch1.3.1_20
OR
sunsdkMatch1.3.1_21
OR
sunsdkMatch1.3.1_22
OR
sunsdkMatch1.3.1_23
OR
sunsdkMatch1.3.1_24
OR
sunsdkMatch1.3.1_25
AND
microsoftwindows
Node
sunjava_sebusiness
AND
sunjdkMatch1.5.0update_1
OR
sunjdkMatch1.5.0update_10
OR
sunjdkMatch1.5.0update_11
OR
sunjdkMatch1.5.0update_12
OR
sunjdkMatch1.5.0update_13
OR
sunjdkMatch1.5.0update_14
OR
sunjdkMatch1.5.0update_15
OR
sunjdkMatch1.5.0update_16
OR
sunjdkMatch1.5.0update_17
OR
sunjdkMatch1.5.0update_18
OR
sunjdkMatch1.5.0update_19
OR
sunjdkMatch1.5.0update_2
OR
sunjdkMatch1.5.0update_20
OR
sunjdkMatch1.5.0update_21
OR
sunjdkMatch1.5.0update_3
OR
sunjdkMatch1.5.0update_4
OR
sunjdkMatch1.5.0update_5
OR
sunjdkMatch1.5.0update_6
OR
sunjdkMatch1.5.0update_7
OR
sunjdkMatch1.5.0update_8
OR
sunjdkMatch1.5.0update_9
OR
sunjdkMatch1.6.0update_1
OR
sunjdkMatch1.6.0update_10
OR
sunjdkMatch1.6.0update_11
OR
sunjdkMatch1.6.0update_12
OR
sunjdkMatch1.6.0update_13
OR
sunjdkMatch1.6.0update_14
OR
sunjdkMatch1.6.0update_15
OR
sunjdkMatch1.6.0update_16
OR
sunjdkMatch1.6.0update_3
OR
sunjdkMatch1.6.0update_4
OR
sunjdkMatch1.6.0update_5
OR
sunjdkMatch1.6.0update_6
OR
sunjdkMatch1.6.0update_7
OR
sunjdkMatch1.6.0update_8
OR
sunjdkMatch1.6.0update_9
OR
sunjdkMatch1.6.0update2
OR
sunjreMatch1.4.2_01
OR
sunjreMatch1.4.2_1
OR
sunjreMatch1.4.2_2
OR
sunjreMatch1.4.2_02
OR
sunjreMatch1.4.2_03
OR
sunjreMatch1.4.2_3
OR
sunjreMatch1.4.2_4
OR
sunjreMatch1.4.2_04
OR
sunjreMatch1.4.2_05
OR
sunjreMatch1.4.2_5
OR
sunjreMatch1.4.2_06
OR
sunjreMatch1.4.2_6
OR
sunjreMatch1.4.2_7
OR
sunjreMatch1.4.2_07
OR
sunjreMatch1.4.2_8
OR
sunjreMatch1.4.2_08
OR
sunjreMatch1.4.2_09
OR
sunjreMatch1.4.2_9
OR
sunjreMatch1.4.2_10
OR
sunjreMatch1.4.2_11
OR
sunjreMatch1.4.2_12
OR
sunjreMatch1.4.2_13
OR
sunjreMatch1.4.2_14
OR
sunjreMatch1.4.2_15
OR
sunjreMatch1.4.2_16
OR
sunjreMatch1.4.2_17
OR
sunjreMatch1.4.2_18
OR
sunjreMatch1.4.2_19
OR
sunjreMatch1.4.2_20
OR
sunjreMatch1.4.2_21
OR
sunjreMatch1.4.2_22
OR
sunjreMatch1.5.0update_1
OR
sunjreMatch1.5.0update_11
OR
sunjreMatch1.5.0update_12
OR
sunjreMatch1.5.0update_13
OR
sunjreMatch1.5.0update_14
OR
sunjreMatch1.5.0update_15
OR
sunjreMatch1.5.0update_16
OR
sunjreMatch1.5.0update_17
OR
sunjreMatch1.5.0update_18
OR
sunjreMatch1.5.0update_19
OR
sunjreMatch1.5.0update_2
OR
sunjreMatch1.5.0update_20
OR
sunjreMatch1.5.0update_21
OR
sunjreMatch1.5.0update_3
OR
sunjreMatch1.5.0update_4
OR
sunjreMatch1.5.0update_5
OR
sunjreMatch1.5.0update_6
OR
sunjreMatch1.5.0update_7
OR
sunjreMatch1.5.0update_8
OR
sunjreMatch1.5.0update_9
OR
sunjreMatch1.6.0update_1
OR
sunjreMatch1.6.0update_10
OR
sunjreMatch1.6.0update_11
OR
sunjreMatch1.6.0update_12
OR
sunjreMatch1.6.0update_13
OR
sunjreMatch1.6.0update_14
OR
sunjreMatch1.6.0update_15
OR
sunjreMatch1.6.0update_16
OR
sunjreMatch1.6.0update_2
OR
sunjreMatch1.6.0update_3
OR
sunjreMatch1.6.0update_4
OR
sunjreMatch1.6.0update_5
OR
sunjreMatch1.6.0update_6
OR
sunjreMatch1.6.0update_7
OR
sunjreMatch1.6.0update_8
OR
sunjreMatch1.6.0update_9
OR
sunsdkMatch1.4.2_1
OR
sunsdkMatch1.4.2_2
OR
sunsdkMatch1.4.2_02
OR
sunsdkMatch1.4.2_03
OR
sunsdkMatch1.4.2_3
OR
sunsdkMatch1.4.2_04
OR
sunsdkMatch1.4.2_4
OR
sunsdkMatch1.4.2_5
OR
sunsdkMatch1.4.2_05
OR
sunsdkMatch1.4.2_6
OR
sunsdkMatch1.4.2_06
OR
sunsdkMatch1.4.2_07
OR
sunsdkMatch1.4.2_7
OR
sunsdkMatch1.4.2_8
OR
sunsdkMatch1.4.2_08
OR
sunsdkMatch1.4.2_09
OR
sunsdkMatch1.4.2_9
OR
sunsdkMatch1.4.2_10
OR
sunsdkMatch1.4.2_11
OR
sunsdkMatch1.4.2_12
OR
sunsdkMatch1.4.2_13
OR
sunsdkMatch1.4.2_14
OR
sunsdkMatch1.4.2_15
OR
sunsdkMatch1.4.2_16
OR
sunsdkMatch1.4.2_17
OR
sunsdkMatch1.4.2_18
OR
sunsdkMatch1.4.2_19
OR
sunsdkMatch1.4.2_20
OR
sunsdkMatch1.4.2_21
OR
sunsdkMatch1.4.2_22
VendorProductVersionCPE
sunjdk1.5.0cpe:2.3:a:sun:jdk:1.5.0:update_1:*:*:*:*:*:*
sunjdk1.5.0cpe:2.3:a:sun:jdk:1.5.0:update_10:*:*:*:*:*:*
sunjdk1.5.0cpe:2.3:a:sun:jdk:1.5.0:update_11:*:*:*:*:*:*
sunjdk1.5.0cpe:2.3:a:sun:jdk:1.5.0:update_12:*:*:*:*:*:*
sunjdk1.5.0cpe:2.3:a:sun:jdk:1.5.0:update_13:*:*:*:*:*:*
sunjdk1.5.0cpe:2.3:a:sun:jdk:1.5.0:update_14:*:*:*:*:*:*
sunjdk1.5.0cpe:2.3:a:sun:jdk:1.5.0:update_15:*:*:*:*:*:*
sunjdk1.5.0cpe:2.3:a:sun:jdk:1.5.0:update_16:*:*:*:*:*:*
sunjdk1.5.0cpe:2.3:a:sun:jdk:1.5.0:update_17:*:*:*:*:*:*
sunjdk1.5.0cpe:2.3:a:sun:jdk:1.5.0:update_18:*:*:*:*:*:*
Rows per page:
1-10 of 2071

References

Related

seebug 1
exploitdb 3
nvd 2
veracode 1
checkpoint_advisories 1
canvas 2
prion 2
saint 4
ubuntucve 1
zdi 1
metasploit 1
packetstorm 2
cvelist 2
suse 4
nessus 28
redhat 7
openvas 20
securityvulns 3
cve 1
oracle 1
vmware 2
gentoo 1
seebug
seebug
Sun Java JRE getSoundbank file:// URI Buffer Overflow
2014-07-01 00:00:00
exploitdb
exploitdb
Sun Java JRE - getSoundbank 'file://' URI Buffer Overflow (Metasploit)
2010-09-20 00:00:00
Sun Java SE November 2009 - Multiple Vulnerabilities (2)
2009-10-29 00:00:00
Sun Java SE November 2009 - Multiple Vulnerabilities (1)
2009-10-29 00:00:00
nvd
nvd
CVE-2009-3867
2009-11-05 16:30:00
CVE-2010-0079
2010-01-13 01:30:01
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:40:37
checkpoint_advisories
checkpoint_advisories
Sun Java HsbParser.getSoundBank Stack Buffer Overflow (CVE-2009-3867)
2010-02-02 00:00:00
canvas
canvas
Immunity Canvas: SUN_JAVA_HSBPARSER_LINUX
2009-11-05 16:30:00
Immunity Canvas: SUN_JAVA_HSBPARSER
2009-11-05 11:30:00
prion
prion
Stack overflow
2009-11-05 16:30:00
Code injection
2010-01-13 01:30:00
saint
saint
Java Runtime Environment HsbParser.getSoundBank Stack Buffer Overflow
2009-11-06 00:00:00
Java Runtime Environment HsbParser.getSoundBank Stack Buffer Overflow
2009-11-06 00:00:00
Java Runtime Environment HsbParser.getSoundBank Stack Buffer Overflow
2009-11-06 00:00:00
ubuntucve
ubuntucve
CVE-2009-3867
2009-11-05 00:00:00
zdi
zdi
Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability
2009-11-04 00:00:00
metasploit
metasploit
Sun Java JRE getSoundbank file:// URI Buffer Overflow
2009-12-11 21:18:31
packetstorm
packetstorm
Sun Java JRE getSoundbank file:// URI Buffer Overflow
2009-12-31 00:00:00
Netragard Security Advisory 2009-12-19
2009-12-30 00:00:00
cvelist
cvelist
CVE-2009-3867
2009-11-05 16:00:00
CVE-2010-0079
2010-01-13 01:00:00
suse
suse
remote code execution in java-1_4_2-ibm
2010-01-12 17:42:00
remote code execution in java-1_5_0-ibm
2010-01-12 09:21:12
remote code execution in java-1_6_0-sun
2009-11-19 17:02:05
nessus
nessus
SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 6755)
2010-10-11 00:00:00
SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 6757)
2010-01-12 00:00:00
SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12565)
2010-01-12 00:00:00
redhat
redhat
(RHSA-2010:0408) Moderate: java-1.4.2-ibm security update
2010-05-12 00:00:00
(RHSA-2009:1643) Critical: java-1.4.2-ibm security update
2009-12-07 00:00:00
(RHSA-2009:1647) Critical: java-1.5.0-ibm security update
2009-12-08 00:00:00
openvas
openvas
RedHat Security Advisory RHSA-2009:1647
2009-12-14 00:00:00
HP-UX Update for Java HPSBUX02503
2010-02-15 00:00:00
Sun Java JDK/JRE Multiple Vulnerabilities (Nov 2009) - Linux
2009-11-13 00:00:00
securityvulns
securityvulns
HP Network Node Manager i DoS
2011-09-20 00:00:00
[security bulletin] HPSBMU02703 SSRT100242 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification
2011-09-20 00:00:00
Oracle Critical Patch Update Advisory - January 2010
2010-01-15 00:00:00
cve
cve
CVE-2010-0079
2010-01-13 01:30:01
oracle
oracle
Security | Oracle Critical Patch Update - January 2010
2010-01-12 00:00:00
vmware
vmware
VMware vCenter update release addresses multiple security issues in Java JRE
2010-01-29 00:00:00
VMware vCenter update release addresses multiple security issues in Java JRE
2010-01-29 00:00:00
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2009-11-17 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.932

Percentile

99.1%

JSON
Related for CVE-2009-3867
seebug1exploitdb3nvd2veracode1checkpoint_advisories1canvas2prion2saint4ubuntucve1zdi1metasploit1packetstorm2cvelist2suse4nessus28redhat7openvas20securityvulns3cve1oracle1vmware2gentoo1