VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3869)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | November 04, 2009 | February 15, 2011 | February 12, 2015 |
Available Exploits 
Description
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
References
Solution
apply-esx-3_5-patch-esx350-201003403-sgRelated Vulnerabilities
- Apple Java security update for CVE-2009-3872
- JRE Deployment Toolkit Vulnerability
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3871)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3867)
- JRE DER Decoding Denial of Service
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3871)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3866)
- SUSE Linux Security Vulnerability: CVE-2009-3868
- JRE Non-English Update Flaw
- HP-UX: CVE-2009-3877: Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
- Cent OS: CVE-2009-3869: CESA-2009:1584 (java-1.6.0-openjdk)
- JRE Audio and Image File Buffer and Integer Overflow Vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2009-3876
- HP-UX: CVE-2009-3872: Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3865)
- Apple Java security update for CVE-2009-3865
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3876)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3874)
- RHSA-2009:1584: java-1.6.0-openjdk security update
- Apple Java security update for CVE-2009-3875
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3868)
- Apple Java security update for CVE-2009-3877
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3873)
- HP-UX: CVE-2009-3874: Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2009-3874
- HP-UX: CVE-2009-3871: Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3875)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3867)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3864)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3877)
- SUSE Linux Security Vulnerability: CVE-2009-3865
- HP-UX: CVE-2009-3867: Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
- Cent OS: CVE-2009-3873: CESA-2009:1584 (java-1.6.0-openjdk)
- Apple Java security update for CVE-2009-3871
- SUSE Linux Security Vulnerability: CVE-2009-3875
- HP-UX: CVE-2009-3876: Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
- RHSA-2009:1571: java-1.5.0-sun security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3868)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3875)
- Cent OS: CVE-2009-3875: CESA-2009:1584 (java-1.6.0-openjdk)
- HP-UX: CVE-2009-3873: Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3866)
- HP-UX: CVE-2009-3875: Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
- Cent OS: CVE-2009-3874: CESA-2009:1584 (java-1.6.0-openjdk)
- SUSE Linux Security Vulnerability: CVE-2009-3877
- RHSA-2009:1694: java-1.6.0-ibm security update
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3872)
- RHSA-2009:1560: java-1.6.0-sun security update
- Cent OS: CVE-2009-3871: CESA-2009:1584 (java-1.6.0-openjdk)
- SUSE Linux Security Vulnerability: CVE-2009-3871
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3872)
- HP-UX: CVE-2009-3868: Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
- RHSA-2009:1647: java-1.5.0-ibm security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3873)
- JRE Timing Attack
- SUSE Linux Security Vulnerability: CVE-2009-3873
- Apple Java security update for CVE-2009-3873
- JRE Multiple Overflows
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3869)
- RHSA-2010:0043: Red Hat Network Satellite Server IBM Java Runtime security update
- Apple Java security update for CVE-2009-3874
- Apple Java security update for CVE-2009-3866
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3864)
- USN-859-1: OpenJDK vulnerabilities
- HP-UX: CVE-2009-3869: Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
- Apple Java security update for CVE-2009-3868
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3874)
- JRE HMAC Digest Flaw
- RHSA-2009:1662: Red Hat Network Satellite Server Sun Java Runtime security update
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3876)
- JRE Untrusted Application Privilege Escalation Vulnerability
- SUSE Linux Security Vulnerability: CVE-2009-3866
- RHSA-2009:1551: java-1.4.2-ibm security update
- RHSA-2010:0408: java-1.4.2-ibm security update
- SUSE Linux Security Vulnerability: CVE-2009-3864
- RHSA-2009:1643: java-1.4.2-ibm security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3865)
- Apple Java security update for CVE-2009-3867
- Cent OS: CVE-2009-3876: CESA-2009:1584 (java-1.6.0-openjdk)
- JRE Java Web Start JNLP Vulnerability
- SUSE Linux Security Vulnerability: CVE-2009-3869
- SUSE Linux Security Vulnerability: CVE-2009-3867
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3877)
- SUSE Linux Security Vulnerability: CVE-2009-3872
- Cent OS: CVE-2009-3877: CESA-2009:1584 (java-1.6.0-openjdk)
- SUSE Linux Security Advisory: SUSE-SA:2009:058
- JRE DER Decoding and HTTP Header Denial of Service Vulnerability
- Apple Java security update for CVE-2009-3869