Vulnerability Details : CVE-2009-3865
The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.
Products affected by CVE-2009-3865
- cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update13:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update12:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update4:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update11:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update10:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update9:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update16:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update8:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update7:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update15:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update8:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update15:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update13:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update12:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update9:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update16:*:*:*:*:*:*
Threat overview for CVE-2009-3865
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2009-3865: 719
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2009-3865
EPSS score: 1.06% (probability of exploitation activity in the next 30 days)
Percentile: ~82% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2009-3865
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2009-3865
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-3865
- http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html
- http://support.apple.com/kb/HT3969
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-269869-1
  Patch; Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2009-1694.html
  Support
- http://support.apple.com/kb/HT3970
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7562
- http://www.vupen.com/english/advisories/2009/3131
  Patch; Vendor Advisory
- http://java.sun.com/javase/6/webnotes/6u17.html
  Java SE 6 Update 17 Release Notes
- http://security.gentoo.org/glsa/glsa-200911-02.xml
  Sun JDK/JRE: Multiple vulnerabilities (GLSA 200911-02) — Gentoo security
- http://marc.info/?l=bugtraq&m=134254866602253&w=2
  '[security bulletin] HPSBMU02799 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.0x Running JD' - MARC
- http://www.securityfocus.com/bid/36881
  Sun Java SE November 2009 Multiple Security Vulnerabilities
  Patch
- http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html
- http://www.securitytracker.com/id?1023244