The Java Update feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jdk | Sun | * | 5.0 (including) |
| Jdk | Sun | * | 6 (including) |
| Jdk | Sun | 5.0-update_1 (including) | 5.0-update_1 (including) |
| Jdk | Sun | 5.0-update_10 (including) | 5.0-update_10 (including) |
| Jdk | Sun | 5.0-update_11 (including) | 5.0-update_11 (including) |
| Jdk | Sun | 5.0-update_12 (including) | 5.0-update_12 (including) |
| Jdk | Sun | 5.0-update_13 (including) | 5.0-update_13 (including) |
| Jdk | Sun | 5.0-update_14 (including) | 5.0-update_14 (including) |
| Jdk | Sun | 5.0-update_15 (including) | 5.0-update_15 (including) |
| Jdk | Sun | 5.0-update_2 (including) | 5.0-update_2 (including) |
| Jdk | Sun | 5.0-update_3 (including) | 5.0-update_3 (including) |
| Jdk | Sun | 5.0-update_4 (including) | 5.0-update_4 (including) |
| Jdk | Sun | 5.0-update_5 (including) | 5.0-update_5 (including) |
| Jdk | Sun | 5.0-update_6 (including) | 5.0-update_6 (including) |
| Jdk | Sun | 5.0-update_7 (including) | 5.0-update_7 (including) |
| Jdk | Sun | 5.0-update_8 (including) | 5.0-update_8 (including) |
| Jdk | Sun | 5.0-update_9 (including) | 5.0-update_9 (including) |
| Jdk | Sun | 6 (including) | 6 (including) |
| Jdk | Sun | 6-update_1 (including) | 6-update_1 (including) |
| Jdk | Sun | 6-update_2 (including) | 6-update_2 (including) |
| Jdk | Sun | 6-update_3 (including) | 6-update_3 (including) |
| Jdk | Sun | 6-update_4 (including) | 6-update_4 (including) |
| Jdk | Sun | 6-update_5 (including) | 6-update_5 (including) |
| Jdk | Sun | 6-update_6 (including) | 6-update_6 (including) |
| Jdk | Sun | 6-update_7 (including) | 6-update_7 (including) |
| Jdk | Sun | 6-update_8 (including) | 6-update_8 (including) |
| Jdk | Sun | 6-update_9 (including) | 6-update_9 (including) |
| Jre | Sun | * | 1.4.2_18 (including) |
| Jre | Sun | * | 5.0 (including) |
| Jre | Sun | * | 6 (including) |
| Jre | Sun | 1.4.2_1 (including) | 1.4.2_1 (including) |
| Jre | Sun | 1.4.2_2 (including) | 1.4.2_2 (including) |
| Jre | Sun | 1.4.2_3 (including) | 1.4.2_3 (including) |
| Jre | Sun | 1.4.2_4 (including) | 1.4.2_4 (including) |
| Jre | Sun | 1.4.2_5 (including) | 1.4.2_5 (including) |
| Jre | Sun | 1.4.2_6 (including) | 1.4.2_6 (including) |
| Jre | Sun | 1.4.2_7 (including) | 1.4.2_7 (including) |
| Jre | Sun | 1.4.2_8 (including) | 1.4.2_8 (including) |
| Jre | Sun | 1.4.2_9 (including) | 1.4.2_9 (including) |
| Jre | Sun | 1.4.2_10 (including) | 1.4.2_10 (including) |
| Jre | Sun | 1.4.2_11 (including) | 1.4.2_11 (including) |
| Jre | Sun | 1.4.2_12 (including) | 1.4.2_12 (including) |
| Jre | Sun | 1.4.2_13 (including) | 1.4.2_13 (including) |
| Jre | Sun | 1.4.2_14 (including) | 1.4.2_14 (including) |
| Jre | Sun | 1.4.2_15 (including) | 1.4.2_15 (including) |
| Jre | Sun | 1.4.2_16 (including) | 1.4.2_16 (including) |
| Jre | Sun | 1.4.2_17 (including) | 1.4.2_17 (including) |
| Jre | Sun | 5.0 (including) | 5.0 (including) |
| Jre | Sun | 5.0-update_1 (including) | 5.0-update_1 (including) |
| Jre | Sun | 5.0-update_10 (including) | 5.0-update_10 (including) |
| Jre | Sun | 5.0-update_11 (including) | 5.0-update_11 (including) |
| Jre | Sun | 5.0-update_12 (including) | 5.0-update_12 (including) |
| Jre | Sun | 5.0-update_13 (including) | 5.0-update_13 (including) |
| Jre | Sun | 5.0-update_14 (including) | 5.0-update_14 (including) |
| Jre | Sun | 5.0-update_15 (including) | 5.0-update_15 (including) |
| Jre | Sun | 5.0-update_2 (including) | 5.0-update_2 (including) |
| Jre | Sun | 5.0-update_3 (including) | 5.0-update_3 (including) |
| Jre | Sun | 5.0-update_4 (including) | 5.0-update_4 (including) |
| Jre | Sun | 5.0-update_5 (including) | 5.0-update_5 (including) |
| Jre | Sun | 5.0-update_6 (including) | 5.0-update_6 (including) |
| Jre | Sun | 5.0-update_7 (including) | 5.0-update_7 (including) |
| Jre | Sun | 5.0-update_8 (including) | 5.0-update_8 (including) |
| Jre | Sun | 5.0-update_9 (including) | 5.0-update_9 (including) |
| Jre | Sun | 6 (including) | 6 (including) |
| Jre | Sun | 6-update_1 (including) | 6-update_1 (including) |
| Jre | Sun | 6-update_2 (including) | 6-update_2 (including) |
| Jre | Sun | 6-update_3 (including) | 6-update_3 (including) |
| Jre | Sun | 6-update_4 (including) | 6-update_4 (including) |
| Jre | Sun | 6-update_5 (including) | 6-update_5 (including) |
| Jre | Sun | 6-update_6 (including) | 6-update_6 (including) |
| Jre | Sun | 6-update_7 (including) | 6-update_7 (including) |
| Jre | Sun | 6-update_8 (including) | 6-update_8 (including) |
| Jre | Sun | 6-update_9 (including) | 6-update_9 (including) |
| Sdk | Sun | * | 1.4.2_18 (including) |
| Sdk | Sun | 1.4.2_1 (including) | 1.4.2_1 (including) |
| Sdk | Sun | 1.4.2_2 (including) | 1.4.2_2 (including) |
| Sdk | Sun | 1.4.2_3 (including) | 1.4.2_3 (including) |
| Sdk | Sun | 1.4.2_4 (including) | 1.4.2_4 (including) |
| Sdk | Sun | 1.4.2_5 (including) | 1.4.2_5 (including) |
| Sdk | Sun | 1.4.2_6 (including) | 1.4.2_6 (including) |
| Sdk | Sun | 1.4.2_7 (including) | 1.4.2_7 (including) |
| Sdk | Sun | 1.4.2_8 (including) | 1.4.2_8 (including) |
| Sdk | Sun | 1.4.2_9 (including) | 1.4.2_9 (including) |
| Sdk | Sun | 1.4.2_10 (including) | 1.4.2_10 (including) |
| Sdk | Sun | 1.4.2_11 (including) | 1.4.2_11 (including) |
| Sdk | Sun | 1.4.2_12 (including) | 1.4.2_12 (including) |
| Sdk | Sun | 1.4.2_13 (including) | 1.4.2_13 (including) |
| Sdk | Sun | 1.4.2_14 (including) | 1.4.2_14 (including) |
| Sdk | Sun | 1.4.2_15 (including) | 1.4.2_15 (including) |
| Sdk | Sun | 1.4.2_16 (including) | 1.4.2_16 (including) |
| Sdk | Sun | 1.4.2_17 (including) | 1.4.2_17 (including) |