PT-2009-3685 · Oracle+1 · Java Se Development Kit+2

Published

2009-03-25

·

Updated

2018-10-10

·

CVE-2009-1107

CVSS v2.0

4.3

Medium

VectorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Java SE Development Kit (JDK) and Java Runtime Environment (JRE) versions 6 Update 12 and earlier Java SE Development Kit (JDK) and Java Runtime Environment (JRE) versions 5.0 Update 17 and earlier
Description The issue allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a Swing JLabel HTML parsing issue.
Recommendations For Java SE Development Kit (JDK) and Java Runtime Environment (JRE) versions 6 Update 12 and earlier, update to a version later than Update 12. For Java SE Development Kit (JDK) and Java Runtime Environment (JRE) versions 5.0 Update 17 and earlier, update to a version later than Update 17.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2009-1107
HPSBUX02429
RHSA-2009:0392
RHSA-2009:0394
RHSA-2009:1038
RHSA-2009:1198
RHSA-2009:1662
RHSA-2010:0043

Affected Products

Hp-Ux
Java Runtime Environment
Java Se Development Kit