Executive Summary

Informations
Name CVE-2009-2676 First vendor Publication 2009-08-05
Vendor Cve Last vendor Modification 2012-10-22

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:8453
 
Oval ID: oval:org.mitre.oval:def:8453
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2676
Version: 6
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22974
 
Oval ID: oval:org.mitre.oval:def:22974
Title: ELSA-2009:1582: java-1.6.0-ibm security update (Critical)
Description: Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher.
Family: unix Class: patch
Reference(s): ELSA-2009:1582-01
CVE-2009-2625
CVE-2009-2670
CVE-2009-2671
CVE-2009-2672
CVE-2009-2673
CVE-2009-2674
CVE-2009-2675
CVE-2009-2676
Version: 37
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application2
Application33
Application67
Application35

OpenVAS Exploits

DateDescription
2009-11-23Name : Gentoo Security Advisory GLSA 200911-02 (sun-jre-bin sun-jdk emul-linux-x86-j...
File : nvt/glsa_200911_02.nasl
2009-11-17Name : RedHat Security Advisory RHSA-2009:1582
File : nvt/RHSA_2009_1582.nasl
2009-11-11Name : SLES11: Security update for IBM Java 1.6.0
File : nvt/sles11_java-1_6_0-ibm1.nasl
2009-08-20Name : Sun Java SE Unspecified Vulnerability In JDK/JRE/SDK - Aug09
File : nvt/gb_sun_java_se_unspecified_vuln_aug09.nasl
2009-08-17Name : RedHat Security Advisory RHSA-2009:1199
File : nvt/RHSA_2009_1199.nasl
2009-08-17Name : RedHat Security Advisory RHSA-2009:1200
File : nvt/RHSA_2009_1200.nasl
2009-08-17Name : Ubuntu USN-814-1 (openjdk-6)
File : nvt/ubuntu_814_1.nasl
2009-08-17Name : SuSE Security Advisory SUSE-SA:2009:043 (java-1_5_0-sun,java-1_6_0-sun)
File : nvt/suse_sa_2009_043.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
57431Sun Java JDK / JRE JNLPAppletlauncher Unspecified Arbitrary File Manipulation

Nessus® Vulnerability Scanner

DateDescription
2013-02-22Name : The remote Unix host contains a runtime environment that is affected by multi...
File : sun_java_jre_263408_unix.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090824_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-04-23Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1662.nasl - Type : ACT_GATHER_INFO
2010-03-31Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0002.nasl - Type : ACT_GATHER_INFO
2010-01-15Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0043.nasl - Type : ACT_GATHER_INFO
2009-11-23Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-11-18Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO
2009-11-13Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1582.nasl - Type : ACT_GATHER_INFO
2009-11-05Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-091102.nasl - Type : ACT_GATHER_INFO
2009-10-06Name : The remote openSUSE host is missing a security update.
File : suse_java-1_5_0-sun-6396.nasl - Type : ACT_GATHER_INFO
2009-10-06Name : The remote openSUSE host is missing a security update.
File : suse_java-1_6_0-sun-6395.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO
2009-08-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1199.nasl - Type : ACT_GATHER_INFO
2009-08-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1200.nasl - Type : ACT_GATHER_INFO
2009-08-11Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-814-1.nasl - Type : ACT_GATHER_INFO
2009-08-10Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_5_0-sun-090806.nasl - Type : ACT_GATHER_INFO
2009-08-10Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO
2009-08-10Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_5_0-sun-090806.nasl - Type : ACT_GATHER_INFO
2009-08-10Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO
2009-08-05Name : The remote Windows host contains a runtime environment that is affected by mu...
File : sun_java_jre_263408.nasl - Type : ACT_GATHER_INFO
2007-10-12Name : The remote host is missing Sun Security Patch number 125136-81
File : solaris10_125136.nasl - Type : ACT_GATHER_INFO
2007-10-12Name : The remote host is missing Sun Security Patch number 125136-81
File : solaris8_125136.nasl - Type : ACT_GATHER_INFO
2007-10-12Name : The remote host is missing Sun Security Patch number 125136-81
File : solaris9_125136.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/35946
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
CERT http://www.us-cert.gov/cas/techalerts/TA09-294A.html
CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
GENTOO http://security.gentoo.org/glsa/glsa-200911-02.xml
HP http://marc.info/?l=bugtraq&m=125787273209737&w=2
http://marc.info/?l=bugtraq&m=125787273209737&w=2
OSVDB http://osvdb.org/56789
REDHAT https://rhn.redhat.com/errata/RHSA-2009-1199.html
https://rhn.redhat.com/errata/RHSA-2009-1200.html
SECTRACK http://www.securitytracker.com/id?1022657
SECUNIA http://secunia.com/advisories/36176
http://secunia.com/advisories/36199
http://secunia.com/advisories/36248
http://secunia.com/advisories/37300
http://secunia.com/advisories/37386
http://secunia.com/advisories/37460
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-66-263490-1
SUSE http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
VUPEN http://www.vupen.com/english/advisories/2009/3316

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:51:01
  • Multiple Updates
2013-05-10 23:55:08
  • Multiple Updates