Source: nvd (NVD:CVE-2009-3866)
Nov 05, 2009 - 4:30 p.m.

CVE-2009-3866

2009-11-05 16:30:00
CWE-264
web.nvd.nist.gov
10

CVSS2: 9.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score: 7.3
Confidence: Low

EPSS: 0.103
Percentile: 95.0%

The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.

Affected configurations

Nvd
Node (entries joined by OR)
sun  jdk  Match  1.6.0  update_1
sun  jdk  Match  1.6.0  update_10
sun  jdk  Match  1.6.0  update_11
sun  jdk  Match  1.6.0  update_12
sun  jdk  Match  1.6.0  update_13
sun  jdk  Match  1.6.0  update_14
sun  jdk  Match  1.6.0  update_15
sun  jdk  Match  1.6.0  update_16
sun  jdk  Match  1.6.0  update_3
sun  jdk  Match  1.6.0  update_4
sun  jdk  Match  1.6.0  update_5
sun  jdk  Match  1.6.0  update_6
sun  jdk  Match  1.6.0  update_7
sun  jdk  Match  1.6.0  update_8
sun  jdk  Match  1.6.0  update_9
sun  jre  Match  1.6.0  update_1
sun  jre  Match  1.6.0  update_10
sun  jre  Match  1.6.0  update_11
sun  jre  Match  1.6.0  update_12
sun  jre  Match  1.6.0  update_13
sun  jre  Match  1.6.0  update_14
sun  jre  Match  1.6.0  update_15
sun  jre  Match  1.6.0  update_16
sun  jre  Match  1.6.0  update_2
sun  jre  Match  1.6.0  update_3
sun  jre  Match  1.6.0  update_4
sun  jre  Match  1.6.0  update_5
sun  jre  Match  1.6.0  update_6
sun  jre  Match  1.6.0  update_7
sun  jre  Match  1.6.0  update_8
sun  jre  Match  1.6.0  update_9

Vendor  Product  Version  CPE
sun  jdk  1.6.0  cpe:2.3:a:sun:jdk:1.6.0:update_1:*:*:*:*:*:*
sun  jdk  1.6.0  cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
sun  jdk  1.6.0  cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
sun  jdk  1.6.0  cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
sun  jdk  1.6.0  cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
sun  jdk  1.6.0  cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
sun  jdk  1.6.0  cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
sun  jdk  1.6.0  cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
sun  jdk  1.6.0  cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
sun  jdk  1.6.0  cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
