6.4
CVSSv2

CVE-2009-1103

Published: 25/03/2009 Updated: 10/10/2018
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and previous versions; 6 Update 12 and previous versions; 1.4.2_19 and previous versions; and 1.3.1_24 and previous versions allows remote malicious users to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860.

Vendor Advisories

Synopsis Critical: java-150-sun security update Type/Severity Security Advisory: Critical Topic Updated java-150-sun packages that correct several security issues arenow available for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by t ...
Synopsis Critical: java-150-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-150-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by the R ...
Synopsis Critical: java-160-sun security update Type/Severity Security Advisory: Critical Topic Updated java-160-sun packages that correct several security issues arenow available for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by t ...
Synopsis Critical: java-160-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-160-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by the R ...

Github Repositories

Compiled dataset of Java deserialization CVEs

Java-Deserialization-CVEs This is a dataset of CVEs related to Java Deserialization Since existing CVE databases do not allow for granular searches by vulnerability type and language, this list was compiled by manually searching the NIST NVD CVE database with different queries If you notice any discrepancies, contributions are very welcome! CVE ID Year CVSS 3/31 risk CV

References

NVD-CWE-noinfohttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.htmlhttp://marc.info/?l=bugtraq&m=124344236532162&w=2http://secunia.com/advisories/34495http://secunia.com/advisories/34496http://secunia.com/advisories/35156http://secunia.com/advisories/35255http://secunia.com/advisories/35416http://secunia.com/advisories/36185http://secunia.com/advisories/37386http://secunia.com/advisories/37460http://security.gentoo.org/glsa/glsa-200911-02.xmlhttp://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1http://support.avaya.com/elmodocs2/security/ASA-2009-108.htmhttp://support.avaya.com/elmodocs2/security/ASA-2009-109.htmhttp://www.redhat.com/support/errata/RHSA-2009-0392.htmlhttp://www.redhat.com/support/errata/RHSA-2009-0394.htmlhttp://www.redhat.com/support/errata/RHSA-2009-1038.htmlhttp://www.securityfocus.com/archive/1/507985/100/0/threadedhttp://www.securityfocus.com/bid/34240http://www.securitytracker.com/id?1021920http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlhttp://www.vupen.com/english/advisories/2009/1426http://www.vupen.com/english/advisories/2009/3316https://exchange.xforce.ibmcloud.com/vulnerabilities/49456https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6542https://rhn.redhat.com/errata/RHSA-2009-1198.htmlhttp://tools.cisco.com/security/center/viewAlert.x?alertId=17882https://nvd.nist.govhttps://www.rapid7.com/db/vulnerabilities/vmsa-2009-0016-5-jre-security-update-cve-2009-1104