CVE-2009-3886

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-3886
The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a "regression," aka Bug Id 6870531.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://java.sun.com/javase/6/webnotes/6u17.html Vendor Advisory
http://secunia.com/advisories/37386
http://security.gentoo.org/glsa/glsa-200911-02.xml
https://bugzilla.redhat.com/show_bug.cgi?id=532914
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6794
http://java.sun.com/javase/6/webnotes/6u17.html Vendor Advisory
http://secunia.com/advisories/37386
http://security.gentoo.org/glsa/glsa-200911-02.xml
https://bugzilla.redhat.com/show_bug.cgi?id=532914
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6794
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sun:jre:*:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*
History

21 Nov 2024, 01:08

Type Values Removed Values Added
References () http://java.sun.com/javase/6/webnotes/6u17.html - Vendor Advisory () http://java.sun.com/javase/6/webnotes/6u17.html - Vendor Advisory
References () http://secunia.com/advisories/37386 - () http://secunia.com/advisories/37386 -
References () http://security.gentoo.org/glsa/glsa-200911-02.xml - () http://security.gentoo.org/glsa/glsa-200911-02.xml -
References () https://bugzilla.redhat.com/show_bug.cgi?id=532914 - () https://bugzilla.redhat.com/show_bug.cgi?id=532914 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6794 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6794 -
Information

Published : 2009-11-09 19:30

Updated : 2025-04-09 00:30

NVD link : CVE-2009-3886

Mitre link : CVE-2009-3886

CVE.ORG link : CVE-2009-3886

JSON object : View

Products Affected

sun

  • jre
CWE
NVD-CWE-noinfo