Vulnerability Description
The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows | All versions |
| Sun | Jdk | 1.5.0 |
| Sun | Jre | 1.5.0 |
References
- http://java.sun.com/javase/6/webnotes/6u17.html
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html
- http://secunia.com/advisories/37231 (Vendor Advisory)
- http://secunia.com/advisories/37239
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-269868-1 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/36881 (Patch)
- http://www.vupen.com/english/advisories/2009/3131 (Patch, Vendor Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2009-3864?
CVE-2009-3864 is a vulnerability with a CVSS score of 7.5 (HIGH). The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, do...
How severe is CVE-2009-3864?
CVE-2009-3864 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-3864?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows, Sun Jdk, Sun Jre.