Description
The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.
References (8)
Core 8
Core References
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/36881
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37231
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html
Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3131
Various Sources x_refsource_confirm
http://java.sun.com/javase/6/webnotes/6u17.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37239
Patch, Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269868-1
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6753
Scores
EPSS
0.0856
EPSS Percentile
92.5%
Details
Status
published
Products (4)
microsoft/windows
sun/jdk
1.5.0 update1 (23 CPE variants)
sun/jdk
1.6.0 update1 (17 CPE variants)
sun/jre
1.5.0 update1 (9 CPE variants)
Published
Nov 05, 2009
Tracked Since
Feb 18, 2026