Vulnerability Name:

CVE-2009-3864 (CCN-54123)

Assigned:2009-11-03
Published:2009-11-03
Updated:2018-10-30
Summary:The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Other
References:Source: MITRE
Type: CNA
CVE-2009-3864

Source: CONFIRM
Type: UNKNOWN
http://java.sun.com/javase/6/webnotes/6u17.html

Source: SUSE
Type: UNKNOWN
SUSE-SA:2009:058

Source: CCN
Type: VMware Security Announcements Mailing list, Fri Jan 29 22:55:19 PST 2010
VMSA-2010-0002 VMware vCenter update release addresses multiple security issues in Java JRE

Source: CCN
Type: SA37231
Sun Java JDK / JRE Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
37231

Source: SECUNIA
Type: UNKNOWN
37239

Source: CCN
Type: SA37613
IBM Java Denial of Service Vulnerabilities

Source: CCN
Type: SA37625
IBM Java 6 Denial of Service Vulnerabilities

Source: CCN
Type: SA38384
VMware VirtualCenter JRE Multiple Vulnerabilities

Source: CCN
Type: Sun Alert ID: 269868
The Java Update Mechanism on Non-English Versions Does Not Update the JRE When a New Version is Available

Source: SUNALERT
Type: Patch, Vendor Advisory
269868

Source: CCN
Type: IBM Security Alerts
Sun's latest Java security alerts

Source: CCN
Type: OSVDB ID: 59718
Sun Java JDK / JRE on Windows Update Notification Weakness

Source: BID
Type: Patch
36881

Source: CCN
Type: BID-36881
Sun Java SE November 2009 Multiple Security Vulnerabilities

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2009-3131

Source: XF
Type: UNKNOWN
sunjava-jre-update-weak-security(54123)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6753

Source: SUSE
Type: SUSE-SA:2009:058
Sun Java 6 security update

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*
  • AND
  • cpe:/a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update12:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update13:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update14:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update15:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update16:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update17:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update18:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update19:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update20:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update21:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update10:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update11:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update12:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update13:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update14:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update15:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update16:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update3:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update4:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update5:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update6:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update7:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update8:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.6.0:update9:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update10:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update11:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update12:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update13:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update14:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update15:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update16:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update17:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update18:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update19:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update20:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update21:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update4:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update5:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update6:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update7:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update8:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update9:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update10:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update11:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update12:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update13:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update14:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update15:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update16:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update4:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update5:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update6:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update7:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update8:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update9:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.6.0:update_3:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:sun:jre:6:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:5.0.0.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:virtualcenter:2.0:unknown:client:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20093864
    V
    		CVE-2009-3864
    2015-11-16
    oval:org.mitre.oval:def:6753
    V
    		Sun Java Updates Availability Notification System Failure
    2014-01-20
    BACK
    microsoft windows *
    sun jdk 1.5.0 update1
    sun jdk 1.5.0 update10
    sun jdk 1.5.0 update11
    sun jdk 1.5.0 update11_b03
    sun jdk 1.5.0 update12
    sun jdk 1.5.0 update13
    sun jdk 1.5.0 update14
    sun jdk 1.5.0 update15
    sun jdk 1.5.0 update16
    sun jdk 1.5.0 update17
    sun jdk 1.5.0 update18
    sun jdk 1.5.0 update19
    sun jdk 1.5.0 update2
    sun jdk 1.5.0 update20
    sun jdk 1.5.0 update21
    sun jdk 1.5.0 update3
    sun jdk 1.5.0 update4
    sun jdk 1.5.0 update5
    sun jdk 1.5.0 update6
    sun jdk 1.5.0 update7
    sun jdk 1.5.0 update7_b03
    sun jdk 1.5.0 update8
    sun jdk 1.5.0 update9
    sun jdk 1.6.0 update1
    sun jdk 1.6.0 update10
    sun jdk 1.6.0 update11
    sun jdk 1.6.0 update12
    sun jdk 1.6.0 update13
    sun jdk 1.6.0 update14
    sun jdk 1.6.0 update15
    sun jdk 1.6.0 update16
    sun jdk 1.6.0 update1_b06
    sun jdk 1.6.0 update2
    sun jdk 1.6.0 update3
    sun jdk 1.6.0 update4
    sun jdk 1.6.0 update5
    sun jdk 1.6.0 update6
    sun jdk 1.6.0 update7
    sun jdk 1.6.0 update8
    sun jdk 1.6.0 update9
    sun jre 1.5.0 update1
    sun jre 1.5.0 update10
    sun jre 1.5.0 update11
    sun jre 1.5.0 update12
    sun jre 1.5.0 update13
    sun jre 1.5.0 update14
    sun jre 1.5.0 update15
    sun jre 1.5.0 update16
    sun jre 1.5.0 update17
    sun jre 1.5.0 update18
    sun jre 1.5.0 update19
    sun jre 1.5.0 update2
    sun jre 1.5.0 update20
    sun jre 1.5.0 update21
    sun jre 1.5.0 update3
    sun jre 1.5.0 update4
    sun jre 1.5.0 update5
    sun jre 1.5.0 update6
    sun jre 1.5.0 update7
    sun jre 1.5.0 update8
    sun jre 1.5.0 update9
    sun jre 1.6.0 update10
    sun jre 1.6.0 update11
    sun jre 1.6.0 update12
    sun jre 1.6.0 update13
    sun jre 1.6.0 update14
    sun jre 1.6.0 update15
    sun jre 1.6.0 update16
    sun jre 1.6.0 update4
    sun jre 1.6.0 update5
    sun jre 1.6.0 update6
    sun jre 1.6.0 update7
    sun jre 1.6.0 update8
    sun jre 1.6.0 update9
    sun jre 1.6.0 update_1
    sun jre 1.6.0 update_2
    sun jre 1.6.0 update_3
    sun jre 6
    sun jdk 5.0
    sun jre 5.0
    ibm java 1.4.2
    ibm java 5.0.0.0
    novell opensuse 11.0
    vmware virtualcenter 2.0 unknown