CVE-2009-1102

EPSS 4.13%
Published 25.03.2009 23:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."

Affected products Warnungen 0 Metrics 2 CWE 1 References 30

Data is provided by the National Vulnerability Database (NVD)

Sun ≫ Java

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.13%	0.875

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://secunia.com/advisories/34489

http://secunia.com/advisories/34496

http://secunia.com/advisories/34632

http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm

http://www.mandriva.com/security/advisories?name=MDVSA-2009:137

http://www.mandriva.com/security/advisories?name=MDVSA-2009:162

http://www.redhat.com/support/errata/RHSA-2009-0392.html

http://www.ubuntu.com/usn/usn-748-1

https://rhn.redhat.com/errata/RHSA-2009-0377.html

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2009/3316