CVE-2009-3877

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 05-11-2009 05:30

Last modified: - 23-01-2023 07:44

Total changes: - 8

Description

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

5.0

Base score

10.0

2.9

Exploitability score

Impact score

Verification logic

Reference

ADV-2009-3131-Patch, Vendor Advisory
http://java.sun.com/javase/6/webnotes/6u17.html
36881-
37231-Vendor Advisory
270476-Patch, Vendor Advisory
GLSA-200911-02-
SUSE-SA:2009:058-
37239-
APPLE-SA-2009-12-03-2-
APPLE-SA-2009-12-03-1-
http://support.apple.com/kb/HT3970
37386-
http://support.apple.com/kb/HT3969
37581-
37841-
RHSA-2009:1694-
MDVSA-2010:084-
SSRT100242-
http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html
SSRT100019-
oval:org.mitre.oval:def:8330-
oval:org.mitre.oval:def:7148-
oval:org.mitre.oval:def:12232-
oval:org.mitre.oval:def:10469-

Keywords

CVE-2009-3877

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2009-3877

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures