CVE-2009-1896

Published: Aug 10, 2009Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.

Affected (1)

Products: Sun: Openjdk

1 product

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Sun Openjdk	Up to 1.6.0.0

Running on/with	Platform Versions
Fedoraproject Fedora	Version 10
Fedoraproject Fedora	Version 11

Related CWEs

References (10)

http://secunia.com/advisories/36162

Source: secalert@redhat.com

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2009:209

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=512101

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html

Source: secalert@redhat.com

Vendor Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html

Source: secalert@redhat.com

http://secunia.com/advisories/36162

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2009:209

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=512101

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.