Lucene search
RedhatCVE-2009-3886HistoryNov 09, 2009 - 7:30 p.m.
CVE-2009-3886
2009-11-0919:30:00
redhat
web.nvd.nist.gov
60
cve-2009-3886
java
web start
sun java se
vulnerability
update 17
jar file
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6
Confidence
Low
EPSS
0.003
Percentile
71.4%
The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a “regression,” aka Bug Id 6870531.
Affected configurations
Node
sunjreRange≤1.6.0update_16
ORsunjreMatch1.6.0update_1
ORsunjreMatch1.6.0update_10
ORsunjreMatch1.6.0update_11
ORsunjreMatch1.6.0update_12
ORsunjreMatch1.6.0update_13
ORsunjreMatch1.6.0update_14
ORsunjreMatch1.6.0update_15
ORsunjreMatch1.6.0update_2
ORsunjreMatch1.6.0update_3
ORsunjreMatch1.6.0update_4
ORsunjreMatch1.6.0update_5
ORsunjreMatch1.6.0update_6
ORsunjreMatch1.6.0update_7
ORsunjreMatch1.6.0update_8
ORsunjreMatch1.6.0update_9
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sun | jre | * | cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:* |
| sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:* |
| sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:* |
| sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:* |
| sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:* |
| sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:* |
| sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:* |
| sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:* |
| sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:* |
| sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2009-3886
2009-11-09 19:00:00
ubuntucve
ubuntucve
CVE-2009-3886
2009-11-09 00:00:00
prion
prion
Design/Logic Flaw
2009-11-09 19:30:00
nvd
nvd
CVE-2009-3886
2009-11-09 19:30:00
openvas
openvas
Sun Java JRE Remote Code Execution Vulnerability (Linux)
2009-11-13 00:00:00
Sun Java JRE Remote Code Execution Vulnerability (Windows)
2009-11-13 00:00:00
Sun Java JRE < 6 Update 17 RCE Vulnerability - Windows
2009-11-13 00:00:00
nessus
nessus
Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ..)
2009-11-04 00:00:00
Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ...) (Unix)
2013-02-22 00:00:00
redhat
redhat
(RHSA-2009:1560) Critical: java-1.6.0-sun security update
2009-11-09 00:00:00
vmware
vmware
VMware vCenter update release addresses multiple security issues in Java JRE
2010-01-29 00:00:00
VMware vCenter update release addresses multiple security issues in Java JRE
2010-01-29 00:00:00
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2009-11-17 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6
Confidence
Low
EPSS
0.003
Percentile
71.4%
Related for CVE-2009-3886