Oval Definition:oval:org.opensuse.security:def:20093866
Revision Date:2022-05-20Version:1
Title:CVE-2009-3866
Description:

The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2009-3866
Mitre CVE-2009-3866
SUSE CVE-2009-3866
SUSE-SA:2009:058
SUSE-SA:2009:058
SUSE-SA:2010:004
SUSE-SA:2010:004
Platform(s):openSUSE 11.0
openSUSE 11.1
openSUSE 11.2
SUSE Linux Enterprise 11 Moblin 2.0
SUSE Linux Enterprise Desktop 11 GA
SUSE Linux Enterprise SDK 11 GA
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 11 GA
SUSE Linux Enterprise Server for SAP Applications 11
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Server 11 is installed
  • AND Package Information
  • java-1_6_0-ibm-1.6.0_sr7.0-1.1 is installed
  • OR java-1_6_0-ibm-alsa-1.6.0-124.6 is installed
  • OR java-1_6_0-ibm-alsa-x86-1.6.0-124.7 is installed
  • OR java-1_6_0-ibm-fonts-1.6.0_sr7.0-1.1 is installed
  • OR java-1_6_0-ibm-jdbc-1.6.0_sr7.0-1.1 is installed
  • OR java-1_6_0-ibm-plugin-1.6.0-124.6 is installed
  • OR java-1_6_0-ibm-x86-1.6.0-124.7 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 11 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 11 is installed
  • AND Package Information
  • java-1_6_0-ibm-1.6.0_sr7.0-1.1.1 is installed
  • OR java-1_6_0-ibm-alsa-1.6.0_sr7.0-1.1.1 is installed
  • OR java-1_6_0-ibm-alsa-x86-1.6.0-124.7.1 is installed
  • OR java-1_6_0-ibm-fonts-1.6.0_sr7.0-1.1.1 is installed
  • OR java-1_6_0-ibm-jdbc-1.6.0_sr7.0-1.1.1 is installed
  • OR java-1_6_0-ibm-plugin-1.6.0_sr7.0-1.1.1 is installed
  • OR java-1_6_0-ibm-x86-1.6.0-124.7.1 is installed
  • BACK