CVE-2009-3885

Published: 09/11/2009 Updated: 19/09/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows allows remote malicious users to cause a denial of service via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file, probably a related issue to CVE-2007-2789, aka Bug Id 6632445.

Vulnerable Product

sun jre 1.5.0

sun jre

sun jre 1.6.0

sun jre 1.6.0_10

sun jre 1.6.0_0

Vendor Advisories

Dan Kaminsky discovered that SSL certificates signed with MD2 could be spoofed given enough time. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation in OpenJDK (CVE-2009-2409) ...