← Back

CVE-2009-3865

nvd nist
Published: Nov 5, 2009Modified: Apr 23, 2026

JSON object

Loading...
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD

Description

The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.

Affected (33)

Products: Sun: Jdk, Jre
Sun
2 products
Jdk
Jre
Configuration A
33 vulnerable
Vulnerable SoftwareAffected Versions
Sun
Jdk
Version 1.6.0 update10
Jdk
Version 1.6.0 update11
Jdk
Version 1.6.0 update12
Jdk
Version 1.6.0 update13
Jdk
Version 1.6.0 update14
Jdk
Version 1.6.0 update15
Jdk
Version 1.6.0 update16
Jdk
Version 1.6.0 update1
Jdk
Version 1.6.0 update1_b06
Jdk
Version 1.6.0 update2
Jdk
Version 1.6.0 update3
Jdk
Version 1.6.0 update4
Jdk
Version 1.6.0 update5
Jdk
Version 1.6.0 update6
Jdk
Version 1.6.0 update7
Jdk
Version 1.6.0 update8
Jdk
Version 1.6.0 update9
Sun
Jre
Version 1.6.0 update10
Jre
Version 1.6.0 update11
Jre
Version 1.6.0 update12
Jre
Version 1.6.0 update13
Jre
Version 1.6.0 update14
Jre
Version 1.6.0 update15
Jre
Version 1.6.0 update16
Jre
Version 1.6.0 update4
Jre
Version 1.6.0 update5
Jre
Version 1.6.0 update6
Jre
Version 1.6.0 update7
Jre
Version 1.6.0 update8
Jre
Version 1.6.0 update9
Jre
Version 1.6.0 update_1
Jre
Version 1.6.0 update_2
Jre
Version 1.6.0 update_3

Related CWEs

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (38)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.