Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Sun Java SE Multiple Vulnerabilities - Nov09 (Windows)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
This host is installed with Sun Java SE and is prone to multiple vulnerabilities.
Insight
Insight
Multiple flaws occur due to: - Directory traversal vulnerability in 'ICC_Profile.getInstance' method. - Unspecified error in TrueType font parsing functionality. - When a non-English version of Windows is used, the Java Update functionality does not retrieve available new JRE versions. - Failure to clone arrays that are returned by the 'getConfigurations()' function in X11 and Win32GraphicsDevice. - The Abstract Window Toolkit (AWT) does not properly restrict the objects that may be sent to loggers. - Information leak occurs as the application does not prevent the existence of children of a resurrected ClassLoader. - Multiple unspecified errors in the Swing implementation. - The 'TimeZone.getTimeZone' method allows users to probe for the existence of local files via vectors related to handling of zoneinfo. - Error during parsing of BMP files containing UNC ICC links.
Affected Software
Affected Software
Sun Java SE 6 prior to 6 Update 17 Sun Java SE 5 prior to 5 Update 22 on Windows.
Solution
Solution
Upgrade to JRE version 6 Update 17 or later. OR Upgrade to JRE version 5 Update 22.