New Search

Java Web Start Improper Handling of Signed JAR Files

oval:org.mitre.oval:def:6794

The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet which has unspecified impact and attack vectors related to a "regression" aka Bug Id 6870531.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • VMWare ESX Server 4.0
Class:
vulnerability
Reference(s):
  • CVE-2009-3886
Product(s):