Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10344
HistoryNov 05, 2009 - 12:00 a.m.

KLA10344 Multiple vulnerabilities in Sun Java SE

2009-11-0500:00:00
Kaspersky Lab
threats.kaspersky.com
99

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.8 Medium

AI Score

Confidence

Low

0.139 Low

EPSS

Percentile

95.7%

JSON

Multiple serious vulnerabilities have been found in SUN Java SE. Malicious users can exploit these vulnerabilities to cause denial of service or bypass authentication. Below is a complete list of vulnerabilities

  1. Unknown vectors can be exploited remotely via specially designed HTTP headers or specially designed DER data;
  2. Unknown vectors can be exploited remotely via a timing attack.

Original advisories

Related products

Sun-Java-JRE-1.6.x

Sun-Java-JDK-1.6.x

Oracle-Java-JRE-1.4.x

CVE list

CVE-2009-3875 critical

CVE-2009-3877 critical

CVE-2009-3876 critical

Solution

Update to latest version

Java SE

Impacts

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • Sun Java SE 5 updates 21 and earlierSun Java SE 6 updates 16 and earlierSun Java SE 4Β versions 1.4.2 update 23 and earlierSun Java SE 3 versions 1.3.1 update 26 and earlier

Related

nvd 4
cve 4
ubuntucve 3
prion 4
cvelist 4
veracode 3
openvas 40
securityvulns 4
redhat 10
nessus 40
suse 4
oraclelinux 1
fedora 3
centos 1
ubuntu 1
packetstorm 1
oracle 1
vmware 2
gentoo 1
nvd
nvd
CVE-2009-3876
2009-11-05 16:30:00
CVE-2009-3875
2009-11-05 16:30:00
CVE-2009-3877
2009-11-05 16:30:00
cve
cve
CVE-2009-3876
2009-11-05 16:30:00
CVE-2009-3877
2009-11-05 16:30:00
CVE-2009-3875
2009-11-05 16:30:00
ubuntucve
ubuntucve
CVE-2009-3877
2009-11-05 00:00:00
CVE-2009-3876
2009-11-05 00:00:00
CVE-2009-3875
2009-11-05 00:00:00
prion
prion
Code injection
2009-11-05 16:30:00
Authentication flaw
2009-11-05 16:30:00
Code injection
2009-11-05 16:30:00
cvelist
cvelist
CVE-2009-3876
2009-11-05 16:00:00
CVE-2009-3875
2009-11-05 16:00:00
CVE-2009-3877
2009-11-05 16:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:40:39
Authorization Bypass
2020-04-10 00:40:38
Denial Of Service (DoS)
2020-04-10 00:40:39
openvas
openvas
HP-UX Update for Java HPSBUX02503
2010-02-15 00:00:00
Sun Java JDK/JRE Multiple Vulnerabilities - Nov09 (Linux)
2009-11-13 00:00:00
RedHat Security Advisory RHSA-2009:1647
2009-12-14 00:00:00
securityvulns
securityvulns
[security bulletin] HPSBMU02703 SSRT100242 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification
2011-09-20 00:00:00
HP Network Node Manager i DoS
2011-09-20 00:00:00
Sun Java multiple security vulnerabilities
2009-11-05 00:00:00
redhat
redhat
(RHSA-2009:1643) Critical: java-1.4.2-ibm security update
2009-12-07 00:00:00
(RHSA-2009:1647) Critical: java-1.5.0-ibm security update
2009-12-08 00:00:00
(RHSA-2009:1551) Moderate: java-1.4.2-ibm security update
2009-11-04 00:00:00
nessus
nessus
openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1529)
2009-11-11 00:00:00
RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2009:1643)
2009-12-08 00:00:00
SuSE9 Security Update : IBM Java 1.5.0 (YOU Patch Number 12564)
2009-12-27 00:00:00
suse
suse
remote code execution in java-1_5_0-ibm
2010-01-12 09:21:12
remote code execution in java-1_6_0-sun
2009-11-19 17:02:05
remote code execution in java-1_6_0-ibm
2010-01-12 17:47:21
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2009-11-16 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-23.b16.fc10
2009-11-14 03:33:25
[SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-30.b16.fc11
2009-11-14 03:30:20
[SECURITY] Fedora 12 Update: java-1.6.0-openjdk-1.6.0.0-33.b16.fc12
2009-11-14 03:32:17
centos
centos
java security update
2009-11-18 10:19:02
ubuntu
ubuntu
OpenJDK vulnerabilities
2009-11-12 00:00:00
packetstorm
packetstorm
Netragard Security Advisory 2009-12-19
2009-12-30 00:00:00
oracle
oracle
Security | Oracle Critical Patch Update - January 2010
2010-01-12 00:00:00
vmware
vmware
VMware vCenter update release addresses multiple security issues in Java JRE
2010-01-29 00:00:00
VMware vCenter update release addresses multiple security issues in Java JRE
2010-01-29 00:00:00
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2009-11-17 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.8 Medium

AI Score

Confidence

Low

0.139 Low

EPSS

Percentile

95.7%

JSON
Related for KLA10344
nvd4cve4ubuntucve3prion4cvelist4veracode3openvas40securityvulns4redhat10nessus40suse4oraclelinux1fedora3centos1ubuntu1packetstorm1oracle1vmware2gentoo1