Java Web Start Vulnerability in OpenJDK on Fedora
CVE-2009-1896

Currently unrated

Key Information:

Vendor: Oracle
Status: Openjdk
Vendor: CVE Published:; 10 August 2009

Summary

The Java Web Start framework in IcedTea from OpenJDK prior to specific versions on Fedora allows untrusted code execution. If one of the listed jar files is trusted, it may lead to attackers executing arbitrary code without the typical restrictions. This represents a significant security risk as context-dependent attackers can exploit this flaw by crafting malicious applications.

References

https://bugzilla.redhat.com/show_bug.cgi?id=512101

x_refsource_CONFIRM

http://secunia.com/advisories/36162

third-party-advisoryx_refsource_SECUNIA

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

Timeline

Vulnerability published
Aug 10, 2009
Vulnerability Reserved
Jun 2, 2009