Back to CVE Browser

CVE-2009-1219

MEDIUM

5.0

CVSS Severity Score

EPSS Score0.1960%

EPSS Percentile22.06th

PublishedApr 1, 2009

Last ModifiedApr 23, 2026

Vulnerability Description

Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter.

Affected Platforms (CPE)

📦

Sun

Java System Calendar Server

= 6

📦

Sun

Java System Calendar Server

= 6.3

📦

Sun

One Calendar Server

= 6.0

📦

Sun

Java System Calendar Server

= 6

📦

Sun

Java System Calendar Server

= 6.3

📦

Sun

One Calendar Server

= 6.0

📦

Sun

Java System Calendar Server

= 6

📦

Sun

Java System Calendar Server

= 6.3

📦

Sun

One Calendar Server

= 6.0

References & Advisories

🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256228-1

🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-66-255008-1

🔗 http://www.coresecurity.com/content/sun-calendar-express

🔗 http://www.securityfocus.com/archive/1/502320/100/0/threaded

🔗 http://www.securityfocus.com/bid/34150

🔗 http://www.vupen.com/english/advisories/2009/0905

🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256228-1

🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-66-255008-1

Related Vulnerabilities

CVE-2004-074210.0

Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote authenticated users to obtain Calendar Server privileges and mo...

CVE-2008-27497.1

Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access lo...

CVE-2009-12184.3

Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java...

CVE-2009-227110.0

The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and ...