Launchpad.net

CVE 2009-1101

Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak."

Related bugs and status

CVE-2009-1101 (Candidate) is related to these bugs:

Bug #85969: Java Docs Package Won't Install

		In	Importance	Status
85969	Java Docs Package Won't Install	sun-java6 (Ubuntu)	Medium	Fix Released
85969	Java Docs Package Won't Install	sun-java5 (Ubuntu)	Medium	Invalid
85969	Java Docs Package Won't Install	j2se1.4-i586 (Ubuntu)	Wishlist	Invalid

See the

CVE page on Mitre.org for more details.

References

MISC: http://sunsolve.sun.co...
SUNALERT: 254609
CONFIRM: http://support.avaya.c...
REDHAT: RHSA-2009:0392
UBUNTU: USN-748-1
BID: 34240
SECTRACK: 1021918
SECUNIA: 34489
REDHAT: RHSA-2009:0377
SECUNIA: 34496
DEBIAN: DSA-1769
SUSE: SUSE-SA:2009:016
SECUNIA: 34675
SECUNIA: 34632
REDHAT: RHSA-2009:1038
SUSE: SUSE-SA:2009:029
SECUNIA: 35223
SECUNIA: 35156
SECUNIA: 35255
VUPEN: ADV-2009-1426
MANDRIVA: MDVSA-2009:137
SUSE: SUSE-SA:2009:036
SECUNIA: 35776
MANDRIVA: MDVSA-2009:162
REDHAT: RHSA-2009:1198
SECUNIA: 36185
GENTOO: GLSA-200911-02
CONFIRM: http://www.vmware.com/...
SECUNIA: 37386
SECUNIA: 37460
VUPEN: ADV-2009-3316
CONFIRM: http://www.oracle.com/...
HP: HPSBMA02429
HP: SSRT090058
HP: HPSBUX02429
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20091120 VMSA-2009-001...