fkie_cve-2009-3865
Vulnerability from fkie_nvd
Published
2009-11-05 16:30
Modified
2025-04-09 00:30
Severity: HIGH (CVSS v2.0 base score 9.3, vector AV:N/AC:M/Au:N/C:C/I:C/A:C)
Summary
The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | jdk | 1.6.0 | |
| sun | jdk | 1.6.0 | |
| sun | jdk | 1.6.0 | |
| sun | jdk | 1.6.0 | |
| sun | jdk | 1.6.0 | |
| sun | jdk | 1.6.0 | |
| sun | jdk | 1.6.0 | |
| sun | jdk | 1.6.0 | |
| sun | jdk | 1.6.0 | |
| sun | jdk | 1.6.0 | |
| sun | jdk | 1.6.0 | |
| sun | jdk | 1.6.0 | |
| sun | jdk | 1.6.0 | |
| sun | jdk | 1.6.0 | |
| sun | jdk | 1.6.0 | |
| sun | jdk | 1.6.0 | |
| sun | jdk | 1.6.0 | |
| sun | jre | 1.6.0 | |
| sun | jre | 1.6.0 | |
| sun | jre | 1.6.0 | |
| sun | jre | 1.6.0 | |
| sun | jre | 1.6.0 | |
| sun | jre | 1.6.0 | |
| sun | jre | 1.6.0 | |
| sun | jre | 1.6.0 | |
| sun | jre | 1.6.0 | |
| sun | jre | 1.6.0 | |
| sun | jre | 1.6.0 | |
| sun | jre | 1.6.0 | |
| sun | jre | 1.6.0 | |
| sun | jre | 1.6.0 | |
| sun | jre | 1.6.0 | |
| sun | jre | 1.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "AD30DAEB-4893-41CF-A455-B69C463B9337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*",
"matchCriteriaId": "21D6CE7E-A036-496C-8E08-A87F62B5290A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update10:*:*:*:*:*:*",
"matchCriteriaId": "FE5F6E90-A942-4468-B763-9606CE073A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update11:*:*:*:*:*:*",
"matchCriteriaId": "B0ADF941-5E90-498D-A2E2-7DBCF5358D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update12:*:*:*:*:*:*",
"matchCriteriaId": "0819F015-FF7B-4C8F-B195-4CB54070BAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update13:*:*:*:*:*:*",
"matchCriteriaId": "B5CB2234-B196-4F41-9FE9-A1896A57E575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update14:*:*:*:*:*:*",
"matchCriteriaId": "572A693C-1EEE-4A6C-BA42-B4FB4B28D0FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update15:*:*:*:*:*:*",
"matchCriteriaId": "7A59AF0A-5335-4650-88DB-5B261FE5E308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update16:*:*:*:*:*:*",
"matchCriteriaId": "0B955A34-DCD3-42E2-BC37-88F348EE31F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "B8F93BBE-1E8C-4EB3-BCC7-20AB2D813F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "A819CA7F-6AA9-4CB0-8577-7F8C751825DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update4:*:*:*:*:*:*",
"matchCriteriaId": "374CA7F2-A5CE-43A3-8317-EEC605127B98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update5:*:*:*:*:*:*",
"matchCriteriaId": "0FF2748E-1A9A-4988-91B7-A3A8D2B06CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update6:*:*:*:*:*:*",
"matchCriteriaId": "E2868B56-7CFA-4E49-9EDC-8A5E4F9D4861",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update7:*:*:*:*:*:*",
"matchCriteriaId": "8CCADCB6-E972-429E-AAA6-44857094AF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update8:*:*:*:*:*:*",
"matchCriteriaId": "A86AD5C2-32D1-4C85-A643-A7FF7F46B4C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jdk:1.6.0:update9:*:*:*:*:*:*",
"matchCriteriaId": "F79C6897-18C1-43CF-AA05-C73AD57F01FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "09027C19-D442-446F-B7A8-21DB6787CF43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "7158D2C0-E9AC-4CD6-B777-EA7B7A181997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "90EC6C13-4B37-48E5-8199-A702A944D5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update10:*:*:*:*:*:*",
"matchCriteriaId": "B6339EF9-97AC-4675-9971-7435A4B31432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update11:*:*:*:*:*:*",
"matchCriteriaId": "6D1626F8-26F4-4EC5-A486-98808372425F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update12:*:*:*:*:*:*",
"matchCriteriaId": "FA1BFE3B-3773-426B-9E69-250249E059C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update13:*:*:*:*:*:*",
"matchCriteriaId": "46621D4B-CA2B-4EAC-884E-9CC9486F2F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update14:*:*:*:*:*:*",
"matchCriteriaId": "37FED4C9-7501-4DF3-B05E-0B460CBB2D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update15:*:*:*:*:*:*",
"matchCriteriaId": "6958538A-0C2E-460F-A130-70515AFBB6A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update16:*:*:*:*:*:*",
"matchCriteriaId": "ABB1D4B3-54E6-455D-9238-B185DB012A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update4:*:*:*:*:*:*",
"matchCriteriaId": "360EF765-0C3A-4A13-9DA3-48928BB978E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update5:*:*:*:*:*:*",
"matchCriteriaId": "FBE651B3-3320-48E7-BDD5-74D3C609162C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update6:*:*:*:*:*:*",
"matchCriteriaId": "2F435AA3-B716-4B3B-8873-3646E18CA600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update7:*:*:*:*:*:*",
"matchCriteriaId": "4773DE1C-50EF-4561-B480-74C6BD64D449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update8:*:*:*:*:*:*",
"matchCriteriaId": "BB2B5C85-D6EE-4C0B-9228-A724D6C780C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:jre:1.6.0:update9:*:*:*:*:*:*",
"matchCriteriaId": "60D59062-997B-44F1-95C6-619823F138A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752."
},
{
"lang": "es",
"value": "El m\u00e9todo launch en el plugin Deployment Toolkit en Java Runtime Environment (JRE) en Sun Java SE en JDK y JRE 6 anteriores a Update 17 permite a los atacantes remotos ejecutar arbitrariamente comandos a trav\u00e9s de una p\u00e1gina web manipulada, tambi\u00e9n conocido como Bug Id 6869752."
}
],
"id": "CVE-2009-3865",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-11-05T16:30:00.280",
"references": [
{
"source": "cve@mitre.org",
"url": "http://java.sun.com/javase/6/webnotes/6u17.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37231"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/37239"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/37386"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/37581"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/37841"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269869-1"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3969"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3970"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36881"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023244"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3131"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://java.sun.com/javase/6/webnotes/6u17.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269869-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3969"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7562"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.