PT-2009-5071 · Sun+2 · Java Se+4
Published
2009-08-05
·
Updated
2018-10-30
·
CVE-2009-2676
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Sun Java SE versions prior to JDK and JRE 6 Update 15
Sun Java SE versions prior to JDK and JRE 5.0 Update 20
Java SE for Business in SDK and JRE versions prior to 1.4.2 22
Description
The issue allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher. This can be achieved by exploiting an unspecified vulnerability in JNLPAppletlauncher.
Recommendations
For Sun Java SE versions prior to JDK and JRE 6 Update 15, update to JDK and JRE 6 Update 15 or later.
For Sun Java SE versions prior to JDK and JRE 5.0 Update 20, update to JDK and JRE 5.0 Update 20 or later.
For Java SE for Business in SDK and JRE versions prior to 1.4.2 22, update to SDK and JRE 1.4.2 22 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hp-Ux
Jdk
Jre
Java Platform
Java Se