Vulnerability Details : CVE-2009-3864
The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.
Products affected by CVE-2009-3864
- cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update13:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update12:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update4:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update11:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update10:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update9:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update16:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update8:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update7:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update15:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update8:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update15:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update13:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update12:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update9:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update16:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-3864
2.47%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-3864
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2009-3864
-
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6753
-
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269868-1
Patch;Vendor Advisory
-
http://www.vupen.com/english/advisories/2009/3131
Patch;Vendor Advisory
-
http://java.sun.com/javase/6/webnotes/6u17.html
Java SE 6 Update 17 Release Notes
-
http://www.securityfocus.com/bid/36881
Sun Java SE November 2009 Multiple Security VulnerabilitiesPatch
Jump to