Published: 05/11/2009 Updated: 30/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 580

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x prior to 1.3.1_27, and SDK and JRE 1.4.x prior to 1.4.2_24 allows remote malicious users to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sun jdk 1.5.0
sun jdk 1.6.0
sun jre 1.4.2 1
sun jre 1.4.2 2
sun jre 1.4.2 02
sun jre 1.4.2 3
sun jre 1.4.2 03
sun jre 1.4.2 4
sun jre 1.4.2 04
sun jre 1.4.2 05
sun jre 1.4.2 5
sun jre 1.4.2 6
sun jre 1.4.2 06
sun jre 1.4.2 07
sun jre 1.4.2 7
sun jre 1.4.2 8
sun jre 1.4.2 08
sun jre 1.4.2 9
sun jre 1.4.2 09
sun jre 1.4.2 10
sun jre 1.4.2 11
sun jre 1.4.2 12
sun jre 1.4.2 13
sun jre 1.4.2 14
sun jre 1.4.2 15
sun jre 1.4.2 16
sun jre 1.4.2 17
sun jre 1.4.2 18
sun jre 1.4.2 19
sun jre 1.4.2 20
sun jre 1.4.2 21
sun jre 1.4.2 22
sun jre 1.4.2 23
sun jre 1.5.0
sun jre 1.6.0
sun sdk 1.4.2 1
sun sdk 1.4.2 01
sun sdk 1.4.2 2
sun sdk 1.4.2 02
sun sdk 1.4.2 03
sun sdk 1.4.2 3
sun sdk 1.4.2 4
sun sdk 1.4.2 04
sun sdk 1.4.2 5
sun sdk 1.4.2 05
sun sdk 1.4.2 06
sun sdk 1.4.2 6
sun sdk 1.4.2 7
sun sdk 1.4.2 07
sun sdk 1.4.2 8
sun sdk 1.4.2 08
sun sdk 1.4.2 9
sun sdk 1.4.2 09
sun sdk 1.4.2 10
sun sdk 1.4.2 11
sun sdk 1.4.2 12
sun sdk 1.4.2 13
sun sdk 1.4.2 14
sun sdk 1.4.2 15
sun sdk 1.4.2 16
sun sdk 1.4.2 17
sun sdk 1.4.2 18
sun sdk 1.4.2 19
sun sdk 1.4.2 20
sun sdk 1.4.2 21
sun sdk 1.4.2 22
sun sdk 1.4.2 23
sun jre 1.3.1 1
sun jre 1.3.1 01
sun jre 1.3.1 01a
sun jre 1.3.1 02
sun jre 1.3.1 2
sun jre 1.3.1 03
sun jre 1.3.1 3
sun jre 1.3.1 04
sun jre 1.3.1 4
sun jre 1.3.1 5
sun jre 1.3.1 05
sun jre 1.3.1 06
sun jre 1.3.1 6
sun jre 1.3.1 07
sun jre 1.3.1 7
sun jre 1.3.1 08
sun jre 1.3.1 8
sun jre 1.3.1 9
sun jre 1.3.1 09
sun jre 1.3.1 10
sun jre 1.3.1 11
sun jre 1.3.1 12
sun jre 1.3.1 13
sun jre 1.3.1 14
sun jre 1.3.1 15
sun jre 1.3.1 16
sun jre 1.3.1 17
sun jre 1.3.1 18
sun jre 1.3.1 19
sun jre 1.3.1 20
sun jre 1.3.1 21
sun jre 1.3.1 22
sun jre 1.3.1 23
sun jre 1.3.1 24
sun jre 1.3.1 25
sun sdk 1.3.1 01
sun sdk 1.3.1 01a
sun sdk 1.3.1 02
sun sdk 1.3.1 2
sun sdk 1.3.1 03
sun sdk 1.3.1 3
sun sdk 1.3.1 4
sun sdk 1.3.1 04
sun sdk 1.3.1 05
sun sdk 1.3.1 5
sun sdk 1.3.1 6
sun sdk 1.3.1 06
sun sdk 1.3.1 07
sun sdk 1.3.1 7
sun sdk 1.3.1 8
sun sdk 1.3.1 08
sun sdk 1.3.1 9
sun sdk 1.3.1 09
sun sdk 1.3.1 10
sun sdk 1.3.1 11
sun sdk 1.3.1 12
sun sdk 1.3.1 13
sun sdk 1.3.1 14
sun sdk 1.3.1 15
sun sdk 1.3.1 16
sun sdk 1.3.1 17
sun sdk 1.3.1 18
sun sdk 1.3.1 19
sun sdk 1.3.1 20
sun sdk 1.3.1 21
sun sdk 1.3.1 22
sun sdk 1.3.1 23
sun sdk 1.3.1 24
sun sdk 1.3.1 25

Synopsis Critical: java-160-ibm security update Type/Severity Security Advisory: Critical Topic Updated java-160-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by the R ...

Synopsis Low: Red Hat Network Satellite Server IBM Java Runtime security update Type/Severity Security Advisory: Low Topic Updated java-160-ibm packages that fix several security issues are nowavailable for Red Hat Network Satellite Server 53This update has been rated as having low security impact by th ...

Dan Kaminsky discovered that SSL certificates signed with MD2 could be spoofed given enough time As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site This update handles this issue by completely disabling MD2 for certificate validation in OpenJDK (CVE-2009-2409) ...

CWE-399 http://java.sun.com/javase/6/webnotes/6u17.html http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1 http://www.securityfocus.com/bid/36881 http://www.vupen.com/english/advisories/2009/3131 http://secunia.com/advisories/37231 http://security.gentoo.org/glsa/glsa-200911-02.xml http://secunia.com/advisories/37239 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html http://secunia.com/advisories/37386 http://www.redhat.com/support/errata/RHSA-2009-1694.html http://secunia.com/advisories/37841 http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 http://marc.info/?l=bugtraq&m=131593453929393&w=2 http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html http://marc.info/?l=bugtraq&m=126566824131534&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8608 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6805 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11934 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10328 https://access.redhat.com/errata/RHSA-2009:1694 https://nvd.nist.gov https://usn.ubuntu.com/859-1/

Get Started

CVE-2009-3876

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect