Vulnerability CVE-2009-3876 - CERT Civis.Net

Vulnerability Name:

CVE-2009-3876 (CCN-54132)

Assigned:

2009-11-03

Published:

2009-11-03

Updated:

2018-10-30

Summary:

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2009-3876

Source: CONFIRM
Type: UNKNOWN
http://java.sun.com/javase/6/webnotes/6u17.html

Source: SUSE
Type: UNKNOWN
SUSE-SA:2009:058

Source: CCN
Type: VMware Security Announcements Mailing list, Fri Jan 29 22:55:19 PST 2010
VMSA-2010-0002 VMware vCenter update release addresses multiple security issues in Java JRE

Source: HP
Type: UNKNOWN
SSRT100019

Source: HP
Type: UNKNOWN
SSRT100242

Source: HP
Type: UNKNOWN
HPSBMU02799

Source: CCN
Type: RHSA-2009-1551
Moderate: java-1.4.2-ibm security update

Source: CCN
Type: RHSA-2009-1560
Critical: java-1.6.0-sun security update

Source: CCN
Type: RHSA-2009-1571
Critical: java-1.5.0-sun security update

Source: CCN
Type: RHSA-2009-1584
Important: java-1.6.0-openjdk security update

Source: CCN
Type: RHSA-2009-1643
Critical: java-1.4.2-ibm security update

Source: CCN
Type: RHSA-2009-1647
Critical: java-1.5.0-ibm security update

Source: CCN
Type: RHSA-2009-1662
Low: Red Hat Network Satellite Server Sun Java Runtime security update

Source: CCN
Type: RHSA-2009-1694
Critical: java-1.6.0-ibm security update

Source: CCN
Type: RHSA-2010-0043
Low: Red Hat Network Satellite Server IBM Java Runtime security update

Source: CCN
Type: SA37231
Sun Java JDK / JRE Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
37231

Source: SECUNIA
Type: UNKNOWN
37239

Source: SECUNIA
Type: UNKNOWN
37386

Source: CCN
Type: SA37613
IBM Java Denial of Service Vulnerabilities

Source: CCN
Type: SA37625
IBM Java 6 Denial of Service Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
37841

Source: CCN
Type: SA38384
VMware VirtualCenter JRE Multiple Vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200911-02

Source: CCN
Type: Sun Alert ID: 270476
Two Security Vulnerabilities in the Java Runtime Environment With Decoding DER Encoded Data and Parsing HTTP Headers may Result in a Denial of Service (DoS)

Source: SUNALERT
Type: Patch, Vendor Advisory
270476

Source: CCN
Type: IBM Security Alerts
Sun's latest Java security alerts

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2010:084

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html

Source: CCN
Type: OSVDB ID: 59705
Sun Java JDK / JRE DER Encoded Data Decoding Unspecified Memory Exhaustion DoS

Source: REDHAT
Type: UNKNOWN
RHSA-2009:1694

Source: BID
Type: UNKNOWN
36881

Source: CCN
Type: BID-36881
Sun Java SE November 2009 Multiple Security Vulnerabilities

Source: CCN
Type: USN-859-1
OpenJDK vulnerabilities

Source: VUPEN
Type: Vendor Advisory
ADV-2009-3131

Source: XF
Type: UNKNOWN
sun-jre-der-dos(54132)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10328

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11934

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6805

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:8608

Source: SUSE
Type: SUSE-SA:2009:058
Sun Java 6 security update

Source: SUSE
Type: SUSE-SA:2010:002
IBM Java 5 security update

Source: SUSE
Type: SUSE-SA:2010:004
IBM Java 6 security update

Vulnerable Configuration:

Configuration 1:

cpe:/a:sun:jdk:1.5.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update10:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update11:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update12:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update13:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update14:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update15:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update16:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update17:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update18:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update19:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update20:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update21:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update6:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update7:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update8:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.5.0:update9:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update10:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update11:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update12:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update13:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update14:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update15:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update16:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update6:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update7:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update8:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update9:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_1:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_02:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_2:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_03:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_3:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_04:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_4:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_05:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_5:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_06:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_6:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_07:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_7:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_08:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_8:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_09:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_9:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_10:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_11:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_12:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_13:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_14:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_15:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_16:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_17:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_18:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_19:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_20:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_21:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_22:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_23:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update1:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update10:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update11:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update12:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update13:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update14:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update15:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update16:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update17:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update18:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update19:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update20:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update21:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update6:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update7:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update8:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.5.0:update9:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update10:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update11:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update12:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update13:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update14:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update15:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update16:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update4:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update5:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update6:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update7:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update8:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update9:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_3:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*

AND

cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:*:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:sun:jre:1.3.1_01:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_1:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_01a:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_02:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_2:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_03:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_3:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_04:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_4:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_05:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_5:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_06:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_6:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_07:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_7:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_08:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_8:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_09:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_9:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_10:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_11:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_12:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_13:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_14:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_15:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_16:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_17:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_18:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_19:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_20:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_21:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_22:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_23:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_24:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_25:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_2:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_3:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_4:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_5:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_6:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_7:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_8:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_9:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_24:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_25:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_20:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_21:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_22:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_18:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_23:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_1:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_10:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_11:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_12:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_13:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_14:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_15:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_16:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_17:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_18:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_2:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_3:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_4:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_5:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_6:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_7:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_8:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_9:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:6:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_19:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_09:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_08:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_07:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_06:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_05:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_04:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_03:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_02:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_01:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_23:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_24:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_22:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_21:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_20:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_19:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_18:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_17:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_16:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_15:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_14:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_13:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_12:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_11:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_10:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_09:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_08:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_07:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_06:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_05:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_04:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_03:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_02:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_01:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_01a:*:*:*:*:*:*:*

OR cpe:/a:sun:jdk:5.0:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:5.0:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_19:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_20:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_21:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_20:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_21:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_23:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_23:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_26:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_26:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.4.2_22:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.4.2_22:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_9:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_8:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_7:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_4:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_3:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_6:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_5:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_2:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_24:*:*:*:*:*:*:*

OR cpe:/a:sun:sdk:1.3.1_25:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_1:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_2:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_3:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_4:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_5:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_6:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_7:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_8:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_9:*:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.3.1_25:*:*:*:*:*:*:*

OR cpe:/a:ibm:java:1.4.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:java:5.0.0.0:*:*:*:*:*:*:*

AND

cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*

OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/a:redhat:rhel_application_server:2:*:*:*:*:*:*:*

OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*

OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*

OR cpe:/a:vmware:virtualcenter:2.0:unknown:client:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20093876	V	CVE-2009-3876	2022-05-20
oval:org.mitre.oval:def:28898	P	RHSA-2009:1584 -- java-1.6.0-openjdk security update (Important)	2015-08-17
oval:org.mitre.oval:def:8608	V	HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities	2015-04-20
oval:org.mitre.oval:def:11934	V	HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities	2015-04-20
oval:org.mitre.oval:def:13907	P	USN-859-1 -- openjdk-6 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:22949	P	ELSA-2009:1560: java-1.6.0-sun security update (Critical)	2014-05-26
oval:org.mitre.oval:def:22032	P	ELSA-2009:1571: java-1.5.0-sun security update (Critical)	2014-05-26
oval:org.mitre.oval:def:22972	P	ELSA-2009:1643: java-1.4.2-ibm security update (Critical)	2014-05-26
oval:org.mitre.oval:def:22842	P	ELSA-2009:1647: java-1.5.0-ibm security update (Critical)	2014-05-26
oval:org.mitre.oval:def:22979	P	ELSA-2009:1584: java-1.6.0-openjdk security update (Important)	2014-05-26
oval:org.mitre.oval:def:22907	P	ELSA-2009:1694: java-1.6.0-ibm security update (Critical)	2014-05-26
oval:org.mitre.oval:def:6805	V	OpenJDK ASN.1/DER Input Stream Parser Denial of Service via Crafted DER Encoded Data	2014-01-20
oval:org.mitre.oval:def:10328	V	Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.	2013-04-29
oval:com.redhat.rhsa:def:20091694	P	RHSA-2009:1694: java-1.6.0-ibm security update (Critical)	2009-12-23
oval:com.redhat.rhsa:def:20091647	P	RHSA-2009:1647: java-1.5.0-ibm security update (Critical)	2009-12-08
oval:com.redhat.rhsa:def:20091643	P	RHSA-2009:1643: java-1.4.2-ibm security update (Critical)	2009-12-07
oval:com.redhat.rhsa:def:20091584	P	RHSA-2009:1584: java-1.6.0-openjdk security update (Important)	2009-11-16
oval:com.redhat.rhsa:def:20091571	P	RHSA-2009:1571: java-1.5.0-sun security update (Critical)	2009-11-10
oval:com.redhat.rhsa:def:20091560	P	RHSA-2009:1560: java-1.6.0-sun security update (Critical)	2009-11-09