CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
98.6%
It was discovered that font creation could leak temporary files.
If a user were tricked into loading a malicious program or applet,
a remote attacker could consume disk space, leading to a denial of
service. (CVE-2006-2426, CVE-2009-1100)
It was discovered that the lightweight HttpServer did not correctly close
files on dataless connections. A remote attacker could send specially
crafted requests, leading to a denial of service. (CVE-2009-1101)
The Java Runtime Environment did not correctly validate certain generated
code. If a user were tricked into running a malicious applet a remote
attacker could execute arbitrary code. (CVE-2009-1102)
It was discovered that LDAP connections did not close correctly.
A remote attacker could send specially crafted requests, leading to a
denial of service. (CVE-2009-1093)
Java LDAP routines did not unserialize certain data correctly. A remote
attacker could send specially crafted requests that could lead to
arbitrary code execution. (CVE-2009-1094)
Java did not correctly check certain JAR headers. If a user or
automated system were tricked into processing a malicious JAR file,
a remote attacker could crash the application, leading to a denial of
service. (CVE-2009-1095, CVE-2009-1096)
It was discovered that PNG and GIF decoding in Java could lead to memory
corruption. If a user or automated system were tricked into processing
a specially crafted image, a remote attacker could crash the application,
leading to a denial of service. (CVE-2009-1097, CVE-2009-1098)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.10 | noarch | openjdk-6-jre-headless | < 6b12-0ubuntu6.4 | UNKNOWN |
Ubuntu | 8.10 | noarch | icedtea6-plugin | < 6b12-0ubuntu6.4 | UNKNOWN |
Ubuntu | 8.10 | noarch | openjdk-6-dbg | < 6b12-0ubuntu6.4 | UNKNOWN |
Ubuntu | 8.10 | noarch | openjdk-6-demo | < 6b12-0ubuntu6.4 | UNKNOWN |
Ubuntu | 8.10 | noarch | openjdk-6-jdk | < 6b12-0ubuntu6.4 | UNKNOWN |
Ubuntu | 8.10 | noarch | openjdk-6-jre | < 6b12-0ubuntu6.4 | UNKNOWN |
Ubuntu | 8.10 | noarch | openjdk-6-jre | < headless-6b12-0ubuntu6.4 | UNKNOWN |
Ubuntu | 8.10 | noarch | openjdk-6-jre-lib | < 6b12-0ubuntu6.4 | UNKNOWN |
ubuntu.com/security/CVE-2006-2426
ubuntu.com/security/CVE-2009-1093
ubuntu.com/security/CVE-2009-1094
ubuntu.com/security/CVE-2009-1095
ubuntu.com/security/CVE-2009-1096
ubuntu.com/security/CVE-2009-1097
ubuntu.com/security/CVE-2009-1098
ubuntu.com/security/CVE-2009-1100
ubuntu.com/security/CVE-2009-1101
ubuntu.com/security/CVE-2009-1102