CVE-2009-1101

Severity

50%

Complexity

99%

Confidentiality

48%

Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak."

Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak."

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

Sun

First reported 15 years ago

2009-03-25 23:30:00

Last updated 6 years ago

2018-10-10 19:33:00

Affected Software

Sun JDK 1.6.0

1.6.0

Sun JDK 6 Update 1

1.6.0

Sun JDK 1.6.0_01-b06

1.6.0

Sun JDK 6 Update 2

1.6.0

Sun JDK 1.6.0 Update 10

1.6.0

Sun JDK 1.6.0 Update 11

1.6.0

Sun JDK 1.6.0 Update 3

1.6.0

Sun JDK 1.6.0 Update 4

1.6.0

Sun JDK 1.6.0 Update 5

1.6.0

Sun JDK 1.6.0 Update 6

1.6.0

Sun JDK 1.6.0 Update 7

1.6.0

Sun JRE 1.6.0

1.6.0

Sun JRE 1.6.0 Update 1

1.6.0

Sun JRE 1.6.0 Update 10

1.6.0

Sun JRE 1.6.0 Update 11

1.6.0

Sun JRE 1.6.0 Update 2

1.6.0

Sun JRE 1.6.0 Update 3

1.6.0

Sun JRE 1.6.0 Update 4

1.6.0

Sun JRE 1.6.0 Update 5

1.6.0

Sun JRE 1.6.0 Update 6

1.6.0

Sun JRE 1.6.0 Update 7

1.6.0

References

SSRT090058

SUSE-SA:2009:016

SUSE-SA:2009:029

SUSE-SA:2009:036

HPSBUX02429

34489

Vendor Advisory

34496

Vendor Advisory

34632

Vendor Advisory

34675

Vendor Advisory

35156

Vendor Advisory

35223

35255

Vendor Advisory

35776

Vendor Advisory

36185

37386

37460

GLSA-200911-02

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1

Patch

254609

Patch, Vendor Advisory

http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm

DSA-1769

MDVSA-2009:137

MDVSA-2009:162

http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html

RHSA-2009:0392

RHSA-2009:1038

20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

34240

1021918

USN-748-1

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

ADV-2009-1426

Vendor Advisory

ADV-2009-3316

oval:org.mitre.oval:def:10152

oval:org.mitre.oval:def:6412

RHSA-2009:0377

RHSA-2009:1198

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.