FKIE_CVE-2009-3865

Vulnerability from fkie_nvd - Published: 2009-11-05 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.
References
cve@mitre.orghttp://java.sun.com/javase/6/webnotes/6u17.html
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=134254866602253&w=2
cve@mitre.orghttp://secunia.com/advisories/37231Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/37239
cve@mitre.orghttp://secunia.com/advisories/37386
cve@mitre.orghttp://secunia.com/advisories/37581
cve@mitre.orghttp://secunia.com/advisories/37841
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200911-02.xml
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-66-269869-1Patch, Vendor Advisory
cve@mitre.orghttp://support.apple.com/kb/HT3969
cve@mitre.orghttp://support.apple.com/kb/HT3970
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2009-1694.html
cve@mitre.orghttp://www.securityfocus.com/bid/36881Patch
cve@mitre.orghttp://www.securitytracker.com/id?1023244
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/3131Patch, Vendor Advisory
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7562
af854a3a-2127-422b-91ae-364da2661108http://java.sun.com/javase/6/webnotes/6u17.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=134254866602253&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37231Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37239
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37386
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37581
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37841
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200911-02.xml
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-66-269869-1Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT3969
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT3970
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2009-1694.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/36881Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023244
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3131Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7562
Impacted products
Vendor Product Version
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jdk 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
sun jre 1.6.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "AD30DAEB-4893-41CF-A455-B69C463B9337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*",
              "matchCriteriaId": "21D6CE7E-A036-496C-8E08-A87F62B5290A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update10:*:*:*:*:*:*",
              "matchCriteriaId": "FE5F6E90-A942-4468-B763-9606CE073A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update11:*:*:*:*:*:*",
              "matchCriteriaId": "B0ADF941-5E90-498D-A2E2-7DBCF5358D64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update12:*:*:*:*:*:*",
              "matchCriteriaId": "0819F015-FF7B-4C8F-B195-4CB54070BAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update13:*:*:*:*:*:*",
              "matchCriteriaId": "B5CB2234-B196-4F41-9FE9-A1896A57E575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update14:*:*:*:*:*:*",
              "matchCriteriaId": "572A693C-1EEE-4A6C-BA42-B4FB4B28D0FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update15:*:*:*:*:*:*",
              "matchCriteriaId": "7A59AF0A-5335-4650-88DB-5B261FE5E308",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update16:*:*:*:*:*:*",
              "matchCriteriaId": "0B955A34-DCD3-42E2-BC37-88F348EE31F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "B8F93BBE-1E8C-4EB3-BCC7-20AB2D813F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update3:*:*:*:*:*:*",
              "matchCriteriaId": "A819CA7F-6AA9-4CB0-8577-7F8C751825DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update4:*:*:*:*:*:*",
              "matchCriteriaId": "374CA7F2-A5CE-43A3-8317-EEC605127B98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "0FF2748E-1A9A-4988-91B7-A3A8D2B06CB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update6:*:*:*:*:*:*",
              "matchCriteriaId": "E2868B56-7CFA-4E49-9EDC-8A5E4F9D4861",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update7:*:*:*:*:*:*",
              "matchCriteriaId": "8CCADCB6-E972-429E-AAA6-44857094AF9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update8:*:*:*:*:*:*",
              "matchCriteriaId": "A86AD5C2-32D1-4C85-A643-A7FF7F46B4C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update9:*:*:*:*:*:*",
              "matchCriteriaId": "F79C6897-18C1-43CF-AA05-C73AD57F01FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "09027C19-D442-446F-B7A8-21DB6787CF43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "7158D2C0-E9AC-4CD6-B777-EA7B7A181997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "90EC6C13-4B37-48E5-8199-A702A944D5A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update10:*:*:*:*:*:*",
              "matchCriteriaId": "B6339EF9-97AC-4675-9971-7435A4B31432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update11:*:*:*:*:*:*",
              "matchCriteriaId": "6D1626F8-26F4-4EC5-A486-98808372425F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update12:*:*:*:*:*:*",
              "matchCriteriaId": "FA1BFE3B-3773-426B-9E69-250249E059C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update13:*:*:*:*:*:*",
              "matchCriteriaId": "46621D4B-CA2B-4EAC-884E-9CC9486F2F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update14:*:*:*:*:*:*",
              "matchCriteriaId": "37FED4C9-7501-4DF3-B05E-0B460CBB2D9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update15:*:*:*:*:*:*",
              "matchCriteriaId": "6958538A-0C2E-460F-A130-70515AFBB6A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update16:*:*:*:*:*:*",
              "matchCriteriaId": "ABB1D4B3-54E6-455D-9238-B185DB012A43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update4:*:*:*:*:*:*",
              "matchCriteriaId": "360EF765-0C3A-4A13-9DA3-48928BB978E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "FBE651B3-3320-48E7-BDD5-74D3C609162C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update6:*:*:*:*:*:*",
              "matchCriteriaId": "2F435AA3-B716-4B3B-8873-3646E18CA600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update7:*:*:*:*:*:*",
              "matchCriteriaId": "4773DE1C-50EF-4561-B480-74C6BD64D449",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update8:*:*:*:*:*:*",
              "matchCriteriaId": "BB2B5C85-D6EE-4C0B-9228-A724D6C780C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:jre:1.6.0:update9:*:*:*:*:*:*",
              "matchCriteriaId": "60D59062-997B-44F1-95C6-619823F138A7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752."
    },
    {
      "lang": "es",
      "value": "El m\u00e9todo launch en el plugin Deployment Toolkit en Java Runtime Environment (JRE) en Sun Java SE en JDK y JRE 6 anteriores a Update 17 permite a los atacantes remotos ejecutar arbitrariamente comandos a trav\u00e9s de una p\u00e1gina web manipulada, tambi\u00e9n conocido como Bug Id 6869752."
    }
  ],
  "id": "CVE-2009-3865",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-11-05T16:30:00.280",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37231"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/37239"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/37386"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/37581"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/37841"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269869-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3969"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3970"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/36881"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1023244"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3131"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7562"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://java.sun.com/javase/6/webnotes/6u17.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269869-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3969"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3970"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/36881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1023244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7562"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.