CVE-2009-2676
Java SE JDK and JRE < 1.5.0 and < 1.6.0 - Arbitrary File Creation or Modification via JNLPAppletLauncher
Title source: llmDescription
Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher.
References (23)
Core 23
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1200.html
Vendor Advisory vendor-advisory
x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1199.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/56789
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37460
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022657
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200911-02.xml
Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=125787273209737&w=2
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36199
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36248
Patch, Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263490-1
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507985/100/0/threaded
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-294A.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35946
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
Patch x_refsource_confirm
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36176
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37300
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37386
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8453
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3316
Scores
EPSS
0.1779
EPSS Percentile
95.2%
Details
Status
published
Products (6)
sun/java_se
(2 CPE variants)
sun/jdk
1.5.0 (20 CPE variants)
sun/jdk
1.6.0 update_10 (11 CPE variants)
sun/jdk
< 1.5.0
sun/jdk
< 1.6.0
sun/jre
1.5.0 (15 CPE variants)
Published
Aug 05, 2009
Tracked Since
Feb 18, 2026