Lucene search
HistoryNov 09, 2009 - 7:30 p.m.
CVE-2009-3886
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.2
Confidence
Low
EPSS
0.003
Percentile
71.4%
The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a “regression,” aka Bug Id 6870531.
Affected configurations
Node
sunjreRange≤1.6.0update_16
ORsunjreMatch1.6.0update_1
ORsunjreMatch1.6.0update_10
ORsunjreMatch1.6.0update_11
ORsunjreMatch1.6.0update_12
ORsunjreMatch1.6.0update_13
ORsunjreMatch1.6.0update_14
ORsunjreMatch1.6.0update_15
ORsunjreMatch1.6.0update_2
ORsunjreMatch1.6.0update_3
ORsunjreMatch1.6.0update_4
ORsunjreMatch1.6.0update_5
ORsunjreMatch1.6.0update_6
ORsunjreMatch1.6.0update_7
ORsunjreMatch1.6.0update_8
ORsunjreMatch1.6.0update_9
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sun | jre | * | cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:* |
| sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:* |
| sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:* |
| sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:* |
| sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:* |
| sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:* |
| sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:* |
| sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:* |
| sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:* |
| sun | jre | 1.6.0 | cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:* |
Related
cve
cve
CVE-2009-3886
2009-11-09 19:30:00
cvelist
cvelist
CVE-2009-3886
2009-11-09 19:00:00
ubuntucve
ubuntucve
CVE-2009-3886
2009-11-09 00:00:00
prion
prion
Design/Logic Flaw
2009-11-09 19:30:00
openvas
openvas
Sun Java JRE Remote Code Execution Vulnerability (Linux)
2009-11-13 00:00:00
Sun Java JRE Remote Code Execution Vulnerability (Windows)
2009-11-13 00:00:00
Sun Java JRE < 6 Update 17 RCE Vulnerability - Windows
2009-11-13 00:00:00
nessus
nessus
Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ..)
2009-11-04 00:00:00
Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ...) (Unix)
2013-02-22 00:00:00
redhat
redhat
(RHSA-2009:1560) Critical: java-1.6.0-sun security update
2009-11-09 00:00:00
vmware
vmware
VMware vCenter update release addresses multiple security issues in Java JRE
2010-01-29 00:00:00
VMware vCenter update release addresses multiple security issues in Java JRE
2010-01-29 00:00:00
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2009-11-17 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.2
Confidence
Low
EPSS
0.003
Percentile
71.4%
Related for NVD:CVE-2009-3886