{ "threat_severity" : "Critical", "public_date" : "2009-03-25T00:00:00Z", "bugzilla" : { "description" : "OpenJDK LDAP client remote code execution (6737315)", "id" : "490168", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=490168" }, "cvss" : { "cvss_base_score" : "6.8", "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status" : "verified" }, "details" : [ "Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data." ], "affected_release" : [ { "product_name" : "Extras for RHEL 4", "release_date" : "2009-03-26T00:00:00Z", "advisory" : "RHSA-2009:0392", "cpe" : "cpe:/a:redhat:rhel_extras:4", "package" : "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4" }, { "product_name" : "Extras for RHEL 4", "release_date" : "2009-03-26T00:00:00Z", "advisory" : "RHSA-2009:0394", "cpe" : "cpe:/a:redhat:rhel_extras:4", "package" : "java-1.5.0-sun-0:1.5.0.18-1jpp.1.el4" }, { "product_name" : "Extras for RHEL 4", "release_date" : "2009-05-18T00:00:00Z", "advisory" : "RHSA-2009:1038", "cpe" : "cpe:/a:redhat:rhel_extras:4", "package" : "java-1.5.0-ibm-1:1.5.0.9-1jpp.5.el4" }, { "product_name" : "Extras for RHEL 4", "release_date" : "2009-08-06T00:00:00Z", "advisory" : "RHSA-2009:1198", "cpe" : "cpe:/a:redhat:rhel_extras:4", "package" : "java-1.6.0-ibm-1:1.6.0.5-1jpp.1.el4" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2009-04-07T00:00:00Z", "advisory" : "RHSA-2009:0377", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5" }, { "product_name" : "Red Hat Network Satellite Server v 5.1", "release_date" : "2009-12-11T00:00:00Z", "advisory" : "RHSA-2009:1662", "cpe" : "cpe:/a:redhat:network_satellite:5.1::el4", "package" : "java-1.5.0-sun-0:1.5.0.22-1jpp.1.el4" }, { "product_name" : "Red Hat Network Satellite Server v 5.3", "release_date" : "2010-01-14T00:00:00Z", "advisory" : "RHSA-2010:0043", "cpe" : "cpe:/a:redhat:network_satellite:5.3::el4", "package" : "java-1.6.0-ibm-1:1.6.0.7-1jpp.2.el5" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 5", "release_date" : "2009-03-26T00:00:00Z", "advisory" : "RHSA-2009:0392", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 5", "release_date" : "2009-03-26T00:00:00Z", "advisory" : "RHSA-2009:0394", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.5.0-sun-0:1.5.0.18-1jpp.1.el5" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 5", "release_date" : "2009-05-18T00:00:00Z", "advisory" : "RHSA-2009:1038", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.5.0-ibm-1:1.5.0.9-1jpp.3.el5" }, { "product_name" : "Supplementary for Red Hat Enterprise Linux 5", "release_date" : "2009-08-06T00:00:00Z", "advisory" : "RHSA-2009:1198", "cpe" : "cpe:/a:redhat:rhel_extras:5", "package" : "java-1.6.0-ibm-1:1.6.0.5-1jpp.1.el5" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2009-1094\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-1094" ], "name" : "CVE-2009-1094", "csaw" : false }