Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1896

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2009-1896
Last Modified 26 Aug 2009 01:24:24
Published 10 Aug 2009 02:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1896

Summary

The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.

Vulnerable Systems

Application

  • Sun Openjdk 1.6.0.0


References

FEDORA - FEDORA-2009-8337

FEDORA - FEDORA-2009-8329

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=512101

MANDRIVA - MDVSA-2009:209

SECUNIA - 36162


Last Updated: 27 May 2016 10:50:42