Vulnerability Description
The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Fedora | 10 |
| Sun | Openjdk | <= 1.6.0.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/36162 (Vendor Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
- https://bugzilla.redhat.com/show_bug.cgi?id=512101
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.htm (Vendor Advisory)
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.htm
FAQ
What is CVE-2009-1896?
CVE-2009-1896 is a vulnerability with a CVSS score of 10.0 (HIGH). The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed ja...
How severe is CVE-2009-1896?
CVE-2009-1896 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1896?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Sun Openjdk.