CVE-2009-3877
Last modified
CVE-2009-3877 is a vulnerability of currently unknown severity. Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.. EPSS estimates a 4.81% chance of exploitation in the next 30 days.
Description
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Sun | Jdk | 1.5.0 | Update1 |
| Sun | Jdk | 1.6.0 | Update1 |
| Sun | Jre | 1.4.2_1 | — |
| Sun | Jre | 1.4.2_2 | — |
| Sun | Jre | 1.4.2_02 | — |
| Sun | Jre | 1.4.2_03 | — |
| Sun | Jre | 1.4.2_3 | — |
| Sun | Jre | 1.4.2_4 | — |
| Sun | Jre | 1.4.2_04 | — |
| Sun | Jre | 1.4.2_05 | — |
| Sun | Jre | 1.4.2_5 | — |
| Sun | Jre | 1.4.2_06 | — |
| Sun | Jre | 1.4.2_6 | — |
| Sun | Jre | 1.4.2_7 | — |
| Sun | Jre | 1.4.2_07 | — |
| Sun | Jre | 1.4.2_8 | — |
| Sun | Jre | 1.4.2_08 | — |
| Sun | Jre | 1.4.2_09 | — |
| Sun | Jre | 1.4.2_9 | — |
| Sun | Jre | 1.4.2_10 | — |
| Sun | Jre | 1.4.2_11 | — |
| Sun | Jre | 1.4.2_12 | — |
| Sun | Jre | 1.4.2_13 | — |
| Sun | Jre | 1.4.2_14 | — |
| Sun | Jre | 1.4.2_15 | — |
| Sun | Jre | 1.4.2_16 | — |
| Sun | Jre | 1.4.2_17 | — |
| Sun | Jre | 1.4.2_18 | — |
| Sun | Jre | 1.4.2_19 | — |
| Sun | Jre | 1.4.2_20 | — |
| Sun | Jre | 1.4.2_21 | — |
| Sun | Jre | 1.4.2_22 | — |
| Sun | Jre | 1.4.2_23 | — |
| Sun | Jre | 1.5.0 | Update1 |
| Sun | Jre | 1.6.0 | Update 1 |
| Sun | Sdk | 1.4.2_01 | — |
| Sun | Sdk | 1.4.2_1 | — |
| Sun | Sdk | 1.4.2_2 | — |
| Sun | Sdk | 1.4.2_02 | — |
| Sun | Sdk | 1.4.2_03 | — |
| Sun | Sdk | 1.4.2_3 | — |
| Sun | Sdk | 1.4.2_04 | — |
| Sun | Sdk | 1.4.2_4 | — |
| Sun | Sdk | 1.4.2_5 | — |
| Sun | Sdk | 1.4.2_05 | — |
| Sun | Sdk | 1.4.2_6 | — |
| Sun | Sdk | 1.4.2_06 | — |
| Sun | Sdk | 1.4.2_07 | — |
| Sun | Sdk | 1.4.2_7 | — |
| Sun | Sdk | 1.4.2_8 | — |
Showing 50 of 136 affected configurations. See NVD for the full list.
References
- http://java.sun.com/javase/6/webnotes/6u17.htmlVendor Advisory
- http://secunia.com/advisories/37231Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1Patch, Vendor Advisory
- http://www.vupen.com/english/advisories/2009/3131Patch, Vendor Advisory
- http://java.sun.com/javase/6/webnotes/6u17.htmlVendor Advisory
- http://secunia.com/advisories/37231Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1Patch, Vendor Advisory
- http://www.vupen.com/english/advisories/2009/3131Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-3877?
How severe is CVE-2009-3877?
How do I fix CVE-2009-3877?
Are you affected by CVE-2009-3877?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST