CVE-2009-0392
Published 2009-02-03
Priority: P432 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
EXPLOIT
EPSS: 2.34% (81.5th percentile)
Directory traversal vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter.
No detection rules found.
Bugzilla
CVE-2009-1105 OpenJDK: Possibility of trusted applet run in older, vulnerable version of JRE (6706490)
bugzilla · 2009-03-26 · CVSS 7.5 [HIGH]
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1105 to
the following vulnerability:
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime
Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote
attackers to cause a trusted applet to run in an older JRE version,
which can be used to exploit vulnerabilities in that older version,
aka CR 6706490.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1
Discussion:
This issue has been addressed in the following products:
Extras for RHEL 4
Extras for Red Hat Enterprise Linux 5
Via RHSA-2009:0392 https://rhn.redha
Bugzilla
CVE-2009-1101 OpenJDK JAX-WS service endpoint remote Denial-of-Service (6630639)
bugzilla · 2009-03-13 · CVSS 5.0 [MEDIUM]
Unspecified vulnerability in the lightweight HTTP server
implementation in Java SE Development Kit (JDK) and Java Runtime
Environment (JRE) 6 Update 12 and earlier allows remote attackers to
cause a denial of service (probably resource consumption) for a JAX-WS
service endpoint via a connection without any data, which triggers a
file descriptor "leak."
Discussion:
This issue has been addressed in the following products:
Extras for RHEL 4
Extras for Red Hat Enterprise Linux 5
Via RHSA-2009:0392 https://rhn.redhat.com/errata/RHSA-2009-0392.html
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2009:0377 https://rhn.redhat.com/errata/RHSA-2009-0377.html
---
This i
Bugzilla
CVE-2009-1097 OpenJDK: PNG and GIF processing buffer overflow vulnerabilities (6804996, 6804997)
bugzilla · 2009-03-13 · CVSS 9.3 [CRITICAL]
Multiple buffer overflows in Java SE Development Kit (JDK) and Java
Runtime Environment (JRE) 6 Update 12 and earlier allow remote
attackers to access files or execute arbitrary code via a crafted (1)
PNG image, aka CR 6804996, and (2) GIF image, aka CR 6804997.
Discussion:
This issue has been addressed in the following products:
Extras for RHEL 4
Extras for Red Hat Enterprise Linux 5
Via RHSA-2009:0392 https://rhn.redhat.com/errata/RHSA-2009-0392.html
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2009:0377 https://rhn.redhat.com/errata/RHSA-2009-0377.html
---
This issue has been addressed in the following products:
Extras for RHEL 4
Extras for
Bugzilla
CVE-2009-1093 OpenJDK remote LDAP Denial-Of-Service (6717680)
bugzilla · 2009-03-13 · CVSS 5.0 [MEDIUM]
The LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).
Affected versions: 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier.
Discussion:
This issue has been addressed in the following products:
Extras for RHEL 4
Extras for Red Hat Enterprise Linux 5
Via RHSA-2009:0392 https://rhn.redhat.com/errata/RHSA-2009-0392.html
---
This issue has been addressed in the following products:
Extras for RHEL 4
Extras for Red Hat Enterprise Linux 5
Via RHSA-2009:0394 https://rhn.redhat.com/errata/RHSA-2009-0394.html
---
Th
Bugzilla
CVE-2009-1094 OpenJDK LDAP client remote code execution (6737315)
bugzilla · 2009-03-13 · CVSS 10.0 [CRITICAL]
An unspecified vulnerability in the LDAP implementation in Java SE
Development Kit (JDK) and Java Runtime Environment (JRE) allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.
Affected versions: 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier.
Discussion:
This issue has been addressed in the following products:
Extras for RHEL 4
Extras for Red Hat Enterprise Linux 5
Via RHSA-2009:0392 https://rhn.redhat.com/errata/RHSA-2009-0392.html
---
This issue has been addressed in the following products:
Extras for RHEL 4
Extras for Red Hat Enterprise Linux 5
Via RHSA-2009:0394 https://rhn.redhat.com/errata/RHSA-2009-0394.html
---
This issue
Bugzilla
CVE-2009-1098 OpenJDK GIF processing buffer overflow vulnerability (6804998)
bugzilla · 2009-03-13 · CVSS 9.3 [CRITICAL]
Buffer overflow in Java SE Development Kit (JDK) and Java Runtime
Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier;
1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers
to access files or execute arbitrary code via a crafted GIF image, aka
CR 6804998.
Discussion:
This issue has been addressed in the following products:
Extras for RHEL 4
Extras for Red Hat Enterprise Linux 5
Via RHSA-2009:0392 https://rhn.redhat.com/errata/RHSA-2009-0392.html
---
This issue has been addressed in the following products:
Extras for RHEL 4
Extras for Red Hat Enterprise Linux 5
Via RHSA-2009:0394 https://rhn.redhat.com/errata/RHSA-2009-0394.html
---
This issue has been addressed in following pro
Bugzilla
CVE-2009-1102 OpenJDK code generation vulnerability (6636360)
bugzilla · 2009-03-13 · CVSS 6.4 [MEDIUM]
Unspecified vulnerability in the Virtual Machine in Java SE
Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12
and earlier allows remote attackers to access files and execute
arbitrary code via unknown vectors related to "code generation."
Discussion:
This issue has been addressed in the following products:
Extras for RHEL 4
Extras for Red Hat Enterprise Linux 5
Via RHSA-2009:0392 https://rhn.redhat.com/errata/RHSA-2009-0392.html
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2009:0377 https://rhn.redhat.com/errata/RHSA-2009-0377.html
Bugzilla
CVE-2009-1095 CVE-2009-1096 OpenJDK Pack200 Buffer overflow vulnerability (6792554)
bugzilla · 2009-03-13 · CVSS 10.0 [CRITICAL]
Integer overflow in unpack200 in Java SE Development Kit (JDK) and
Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update
12 and earlier, allows remote attackers to access files or execute
arbitrary code via a JAR file with crafted Pack200 headers.
Discussion:
Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java
Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12
and earlier, allows remote attackers to access files or execute
arbitrary code via a JAR file with crafted Pack200 headers. (CVE-2009-1096)
---
This issue has been addressed in the following products:
Extras for RHEL 4
Extras for Red Hat Enterprise Linux 5
Via RHSA-2009:0392 https://rhn.redhat.c