CVE-2009-3865

Advisory lineage Upstream: 0 Downstream: 3
Modified
Published: 05 Nov 2009, 16:00
Last modified:07 Aug 2024, 06:45

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
9.3 HIGH
v2.0 (nvd)
EPSS Score
1.77% LOW
2% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

05 Nov 2009, 16:00
Published
Vulnerability first disclosed
07 Aug 2024, 06:45
Last Modified
Vulnerability information updated

Description

The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.

CVSS Metrics

  • v2.0HIGHScore: 9.3AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 1.77% Percentile: 83%

Techniques & Countermeasures

  • CWE-94Improper Control of Generation of Code ('Code Injection')

    The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Affected Systems

  • sunjdk

    1.6.0:update1 | 1.6.0:update1_b06 | 1.6.0:update10 | 1.6.0:update11 | 1.6.0:update12 | 1.6.0:update13 | 1.6.0:update14 | 1.6.0:update15 | 1.6.0:update16 | 1.6.0:update2 | 1.6.0:update3 | 1.6.0:update4 | 1.6.0:update5 | 1.6.0:update6 | 1.6.0:update7 | 1.6.0:update8 | 1.6.0:update9

  • sunjre

    1.6.0:update_1 | 1.6.0:update_2 | 1.6.0:update_3 | 1.6.0:update10 | 1.6.0:update11 | 1.6.0:update12 | 1.6.0:update13 | 1.6.0:update14 | 1.6.0:update15 | 1.6.0:update16 | 1.6.0:update4 | 1.6.0:update5 | 1.6.0:update6 | 1.6.0:update7 | 1.6.0:update8 | 1.6.0:update9

References (19)