Vulnerability Details : CVE-2009-1896
The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.
Vulnerability category: Execute code
Products affected by CVE-2009-1896
- cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-1896
0.86%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-1896
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2009-1896
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-1896
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
Page not found - Mandriva.com
-
https://bugzilla.redhat.com/show_bug.cgi?id=512101
-
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-20.b16.fc10
-
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
[SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-27.b16.fc11Vendor Advisory
Jump to