CVE-2009-1896

Published: 8/10/2009 Last updated: 8/7/2024 Reserved: 6/2/2009

The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (1)

conf-openjdk

Products affected (0)

No product listed.

References (20)

https://bugzilla.redhat.com/show_bug.cgi?id=512101
http://secunia.com/advisories/36162
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
https://bugzilla.redhat.com/show_bug.cgi?id=512101
http://secunia.com/advisories/36162
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
https://bugzilla.redhat.com/show_bug.cgi?id=512101
http://secunia.com/advisories/36162
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
https://bugzilla.redhat.com/show_bug.cgi?id=512101
http://secunia.com/advisories/36162
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html