CVE-2009-1094

JDK and JRE < 1.5.0 - Remote Code Execution via LDAP Serialized Data

Title source: manual

Description

Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.

References (43)

Core 43

Core References

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2009:137

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34632

Vendor Advisory vendor-advisory x_refsource_hp

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35156

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34675

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35776

Vendor Advisory x_refsource_confirm

http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37460

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34489

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200911-02.xml

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2009-1038.html

Vendor Advisory vendor-advisory x_refsource_redhat

https://rhn.redhat.com/errata/RHSA-2009-1198.html

Vendor Advisory x_refsource_confirm

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Mailing List vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=124344236532162&w=2

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2009-0394.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34495

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1021893

Patch x_refsource_misc

http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-19-1

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/36185

Vendor Advisory vendor-advisory x_refsource_redhat

https://rhn.redhat.com/errata/RHSA-2009-0377.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35255

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1900

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1426

Patch, Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-66-254569-1

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2009:162

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/507985/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11064

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2009-0392.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35223

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/34240

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34496

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-748-1

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2009/dsa-1769

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35416

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6598

Vendor Advisory x_refsource_confirm

http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37386

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/3316

Scores

EPSS 0.0627

EPSS Percentile 91.0%

Details

Status published

Products (6)

sun/jdk 1.5.0 (19 CPE variants)

sun/jdk 1.6.0 update_10 (9 CPE variants)

sun/jdk < 1.5.0

sun/jdk < 1.6.0

sun/jre 1.5.0 (17 CPE variants)

sun/jre 1.6.0 (3 CPE variants)

Published Mar 25, 2009

Tracked Since Feb 18, 2026