Vulnerability-Lookup

CVE-2009-3879 (GCVE-0-2009-3879)

Vulnerability from cvelistv5 – Published: 2009-11-09 19:00 – Updated: 2024-08-07 06:45

Summary

Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

CERTA-2010-AVI-043

Vulnerability from certfr_avis - Published: 2010-02-02 - Updated: 2010-02-02

De multiples vulnérabilités dans les produits VMware permettent, entre autre, l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités dans les produits VMware permettent, entre autre, l'exécution de code arbitraire à distance. Ces vulnérabilités impactent plus spécifiquement la couche logicielle Java JRE utilisée par certains produits VMware.

Il est à noter que des correctifs ne sont pour l'instant pas disponibles pour toutes les plaformes impactées.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	Server 2.0 ;
VMware	N/A	VirtualCenter 2.0.2 ;
VMware	N/A	ESX 3.0.3 ;
VMware	N/A	ESX 3.5 ;
VMware	N/A	VirtualCenter 2.5 antérieur à Update 6 ;
VMware	N/A	vMA 4.0.
VMware	N/A	ESX 4.0 ;
VMware	N/A	vCenter 4.0 ;

References

Title

Publication Time

GSD-2009-3879

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-3879

Aliases

CVE-2009-3879

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-3879",
    "description": "Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057.",
    "id": "GSD-2009-3879",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-3879.html",
      "https://access.redhat.com/errata/RHSA-2009:1662",
      "https://access.redhat.com/errata/RHSA-2009:1584",
      "https://access.redhat.com/errata/RHSA-2009:1571",
      "https://access.redhat.com/errata/RHSA-2009:1560",
      "https://linux.oracle.com/cve/CVE-2009-3879.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-3879"
      ],
      "details": "Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057.",
      "id": "GSD-2009-3879",
      "modified": "2023-12-13T01:19:49.703512Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2009-3879",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html",
            "refsource": "MISC",
            "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"
          },
          {
            "name": "http://java.sun.com/javase/6/webnotes/6u17.html",
            "refsource": "MISC",
            "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
          },
          {
            "name": "http://secunia.com/advisories/37386",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/37386"
          },
          {
            "name": "http://security.gentoo.org/glsa/glsa-200911-02.xml",
            "refsource": "MISC",
            "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7545",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7545"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9568",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9568"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=530297",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530297"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:*:update_21:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2009-3879"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://java.sun.com/javase/6/webnotes/6u17.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
            },
            {
              "name": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=530297",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530297"
            },
            {
              "name": "GLSA-200911-02",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
            },
            {
              "name": "37386",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/37386"
            },
            {
              "name": "MDVSA-2010:084",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
            },
            {
              "name": "oval:org.mitre.oval:def:9568",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9568"
            },
            {
              "name": "oval:org.mitre.oval:def:7545",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7545"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-19T01:29Z",
      "publishedDate": "2009-11-09T19:30Z"
    }
  }
}

FKIE_CVE-2009-3879

Vulnerability from fkie_nvd - Published: 2009-11-09 19:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://java.sun.com/j2se/1.5.0/ReleaseNotes.html	Vendor Advisory
secalert@redhat.com	http://java.sun.com/javase/6/webnotes/6u17.html	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/37386
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-200911-02.xml
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=530297
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7545
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9568
af854a3a-2127-422b-91ae-364da2661108	http://java.sun.com/j2se/1.5.0/ReleaseNotes.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://java.sun.com/javase/6/webnotes/6u17.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37386
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200911-02.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:084
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=530297
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7545
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9568

Impacted products

Vendor	Product	Version
sun	jre	*
sun	jre	*
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	openjdk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:jre:*:update_21:*:*:*:*:*:*",
              "matchCriteriaId": "349EC26C-D1B9-44E4-A58E-E05326B7EC7D",
              "versionEndIncluding": "1.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:*",
              "matchCriteriaId": "64DE1804-F822-4D0D-82A3-3B9DE1F3B0D2",
              "versionEndIncluding": "1.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "14E6127E-A40D-437D-B57B-0D7F57D08559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_11:*:*:*:*:*:*",
              "matchCriteriaId": "28AE4411-45D1-4978-BA61-334AD04FF8FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_12:*:*:*:*:*:*",
              "matchCriteriaId": "479EB097-495A-4730-AF51-F2C0064EBA6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_13:*:*:*:*:*:*",
              "matchCriteriaId": "9B3E7C12-8D97-42CC-9B2B-A0AE3267DE69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_14:*:*:*:*:*:*",
              "matchCriteriaId": "5024BE9F-CE32-4099-A646-F3EC5DB6F63C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_15:*:*:*:*:*:*",
              "matchCriteriaId": "DA9FB72A-C55F-4878-89D5-375FDA08163B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_16:*:*:*:*:*:*",
              "matchCriteriaId": "1CBC2A9C-9F21-4509-BA72-28B5DB16E55D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_17:*:*:*:*:*:*",
              "matchCriteriaId": "485F5ED3-062D-4A8E-AA34-9DC95D0D9646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_18:*:*:*:*:*:*",
              "matchCriteriaId": "124364C5-0616-4C7A-A78F-08FABAA785CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_19:*:*:*:*:*:*",
              "matchCriteriaId": "A6BFFF1E-20D6-4508-9842-E7AB35F12B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "DB7307A5-6F20-44FD-9D09-8FB76E444500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_20:*:*:*:*:*:*",
              "matchCriteriaId": "2E7F3992-0C15-4371-BE14-0D2046B3976E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "0E45DE8A-477B-4BF7-893B-D11DDEE82E82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "D107CE0B-2EF2-4CF0-869E-3E27CBCA4997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "81DABB45-F39C-4BF4-8F2B-0CEE60A44C00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "CDDBD68A-771C-44FD-96A3-3AE189DE2591",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "8FBD21F3-AC92-4154-948E-509FB8E097F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_8:*:*:*:*:*:*",
              "matchCriteriaId": "D91F9E0C-0A76-4DBC-A4E5-74E6682A5765",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update_9:*:*:*:*:*:*",
              "matchCriteriaId": "86F7EF21-5395-4F1F-A15D-A1C7EDBFAB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*",
              "matchCriteriaId": "A586DE4E-8A46-41DE-9FDB-5FDB81DCC87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "09027C19-D442-446F-B7A8-21DB6787CF43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*",
              "matchCriteriaId": "0A0FEC28-0707-4F42-9740-78F3D2D551EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*",
              "matchCriteriaId": "C3C5879A-A608-4230-9DC1-C27F0F48A13B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*",
              "matchCriteriaId": "0C71089A-BDDE-41FC-9DF9-9AEF4C2374DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*",
              "matchCriteriaId": "2DBB6B73-8D6B-41FF-BEE0-E0C7F5F1EB41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*",
              "matchCriteriaId": "12A3B254-8580-45DB-BDE4-5B5A29CBFFB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*",
              "matchCriteriaId": "1DB1DE6A-66AE-499B-AD92-9E6ACE474C6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "7158D2C0-E9AC-4CD6-B777-EA7B7A181997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "90EC6C13-4B37-48E5-8199-A702A944D5A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "2528152C-E20A-4D97-931C-A5EC3CEAA06D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "A99DAB4C-272B-4C91-BC70-7729E1152590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "30DFC10A-A4D9-4F89-B17C-AB9260087D29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "272A5C44-18EC-41A9-8233-E9D4D0734EA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*",
              "matchCriteriaId": "3DA21490-E253-4BDC-9BA8-5D068BE35189",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*",
              "matchCriteriaId": "81C2C04D-D4BA-4C87-9609-C53AA63BFF19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E78309B-E13F-4B65-9F59-39A993B900AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades no espec\u00edficas en los subsistemas (1) X11 y (2) Win32GraphicsDevice en Sun Java SE v5.0 anteriores a Update 22 y 6 anteriores a Update 17, y OpenJDK, tienen impacto y vectores de ataque desconocidos, relacionado como el fallo de copiado de tablas que son devueltos por la funci\u00f3n getConfiguraci\u00f3n, tambi\u00e9n conocido como Bug Id 6822057."
    }
  ],
  "id": "CVE-2009-3879",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-11-09T19:30:00.453",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37386"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530297"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7545"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530297"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7545"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9568"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-J25W-HJF5-JG7G

Vulnerability from github – Published: 2022-05-02 03:49 – Updated: 2022-05-02 03:49

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-3879"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-11-09T19:30:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057.",
  "id": "GHSA-j25w-hjf5-jg7g",
  "modified": "2022-05-02T03:49:21Z",
  "published": "2022-05-02T03:49:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3879"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530297"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7545"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9568"
    },
    {
      "type": "WEB",
      "url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"
    },
    {
      "type": "WEB",
      "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37386"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-3879 (GCVE-0-2009-3879)

CERTA-2010-AVI-043

Description

Solution

GSD-2009-3879

FKIE_CVE-2009-3879

GHSA-J25W-HJF5-JG7G

Tags

Sightings

Nomenclature