CVE-2009-3886 JRE vulnerability

5 documents, 5 sources
Severity: 7.5 HIGH (NVD)
EPSS: 0.5% (top 36.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Nov 9
Latest update: May 2

Description

The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a "regression," aka Bug Id 6870531.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: sun/jre 1.6.0 +1

🔴 Vulnerability Details (2)

GHSA (2022-05-02)
GHSA-87v3-hpq8-qpc6: The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1)

CVEList (2009-11-09)
CVE-2009-3886: The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1)

📋 Vendor Advisories (1)

Red Hat (2009-11-03)
REGRESSION: have problem to run JNLP app and applets with signed Jar files (6870531)

💬 Community (1)

Bugzilla (2009-11-04)
CVE-2009-3886 JRE REGRESSION:have problem to run JNLP app and applets with signed Jar files (6870531)