CVE Vulnerabilities

CVE-2009-3886

Published: Nov 09, 2009 | Modified: Sep 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
6.8 IMPORTANT
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu

The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a regression, aka Bug Id 6870531.

Affected Software

Name Vendor Start Version End Version
Jre Sun 1.6.0 1.6.0
Jre Sun 1.6.0 1.6.0
Jre Sun 1.6.0 1.6.0
Jre Sun 1.6.0 1.6.0
Jre Sun 1.6.0 1.6.0
Jre Sun 1.6.0 1.6.0
Jre Sun 1.6.0 1.6.0
Jre Sun * 1.6.0
Jre Sun 1.6.0 1.6.0
Jre Sun 1.6.0 1.6.0
Jre Sun 1.6.0 1.6.0
Jre Sun 1.6.0 1.6.0
Jre Sun 1.6.0 1.6.0
Jre Sun 1.6.0 1.6.0
Jre Sun 1.6.0 1.6.0
Jre Sun 1.6.0 1.6.0
Extras for RHEL 4 RedHat java-1.6.0-sun-1:1.6.0.17-1jpp.1.el4 *
Supplementary for Red Hat Enterprise Linux 5 RedHat java-1.6.0-sun-1:1.6.0.17-1jpp.2.el5 *
Sun-java5 Ubuntu dapper *
Sun-java6 Ubuntu hardy *
Sun-java6 Ubuntu jaunty *
Sun-java6 Ubuntu karmic *
Sun-java6 Ubuntu lucid *
Sun-java6 Ubuntu upstream *

References