VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3869)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | November 04, 2009 | February 15, 2011 | February 12, 2015 |
Available Exploits 
Description
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
References
Solution
apply-esx-3_5-patch-esx350-201003403-sgRelated Vulnerabilities
- CESA-2009:1647: java-1.5.0-ibm security update
- Apple Java security update for CVE-2009-3872
- JRE Deployment Toolkit Vulnerability
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3871)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3867)
- JRE DER Decoding Denial of Service
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3871)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3866)
- SUSE Linux Security Vulnerability: CVE-2009-3868
- JRE Non-English Update Flaw
- JRE Audio and Image File Buffer and Integer Overflow Vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2009-3876
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3865)
- Apple Java security update for CVE-2009-3865
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3876)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3874)
- RHSA-2009:1584: java-1.6.0-openjdk security update
- Apple Java security update for CVE-2009-3875
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3868)
- Apple Java security update for CVE-2009-3877
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3873)
- SUSE Linux Security Vulnerability: CVE-2009-3874
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3875)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3867)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3864)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3877)
- SUSE Linux Security Vulnerability: CVE-2009-3865
- Apple Java security update for CVE-2009-3871
- SUSE Linux Security Vulnerability: CVE-2009-3875
- RHSA-2009:1571: java-1.5.0-sun security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3868)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3875)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3866)
- SUSE Linux Security Vulnerability: CVE-2009-3877
- CESA-2009:1571: java-1.5.0-sun security update
- RHSA-2009:1694: java-1.6.0-ibm security update
- CESA-2009:1560: java-1.6.0-sun security update
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3872)
- RHSA-2009:1560: java-1.6.0-sun security update
- CESA-2009:1584: java-1.6.0-openjdk security update
- SUSE Linux Security Vulnerability: CVE-2009-3871
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3872)
- RHSA-2009:1647: java-1.5.0-ibm security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3873)
- JRE Timing Attack
- SUSE Linux Security Vulnerability: CVE-2009-3873
- CESA-2009:1643: java-1.4.2-ibm security update
- Apple Java security update for CVE-2009-3873
- JRE Multiple Overflows
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3869)
- RHSA-2010:0043: Red Hat Network Satellite Server IBM Java Runtime security update
- Apple Java security update for CVE-2009-3874
- Apple Java security update for CVE-2009-3866
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3864)
- USN-859-1: OpenJDK vulnerabilities
- Apple Java security update for CVE-2009-3868
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3874)
- JRE HMAC Digest Flaw
- CESA-2010:0408: java-1.4.2-ibm security update
- RHSA-2009:1662: Red Hat Network Satellite Server Sun Java Runtime security update
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3876)
- JRE Untrusted Application Privilege Escalation Vulnerability
- SUSE Linux Security Vulnerability: CVE-2009-3866
- RHSA-2009:1551: java-1.4.2-ibm security update
- CESA-2009:1551: java-1.4.2-ibm security update
- RHSA-2010:0408: java-1.4.2-ibm security update
- SUSE Linux Security Vulnerability: CVE-2009-3864
- RHSA-2009:1643: java-1.4.2-ibm security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3865)
- Apple Java security update for CVE-2009-3867
- JRE Java Web Start JNLP Vulnerability
- SUSE Linux Security Vulnerability: CVE-2009-3869
- CESA-2009:1694: java-1.6.0-ibm security update
- SUSE Linux Security Vulnerability: CVE-2009-3867
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3877)
- SUSE Linux Security Vulnerability: CVE-2009-3872
- SUSE Linux Security Advisory: SUSE-SA:2009:058
- JRE DER Decoding and HTTP Header Denial of Service Vulnerability
- Apple Java security update for CVE-2009-3869