CVE-2009-1896
OpenJDK < 1.6.0.0 - Remote Code Execution via Java Web Start Framework
Title source: manualDescription
The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.
References (5)
Core 5
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=512101
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36162
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
Scores
EPSS
0.0104
EPSS Percentile
77.6%
Details
CWE
CWE-264
Status
published
Products (1)
sun/openjdk
< 1.6.0.0
Published
Aug 10, 2009
Tracked Since
Feb 18, 2026