CVE-2009-1896

2009-08-1018:30:00

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.009

Percentile

82.4%

JSON

The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.

Affected configurations

Nvd

Node

fedoraprojectfedoraMatch10

fedoraprojectfedoraMatch11

AND

sunopenjdkRange≤1.6.0.0

VendorProductVersionCPE
fedoraprojectfedora10cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
fedoraprojectfedora11cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
sunopenjdk*cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fedoraproject	fedora	10	cpe:2.3:o:fedoraproject:fedora:10:::::::*
fedoraproject	fedora	11	cpe:2.3:o:fedoraproject:fedora:11:::::::*
sun	openjdk	*	cpe:2.3:a:sun:openjdk::::::::