VYPR
Unrated severityNVD Advisory· Published Aug 10, 2009· Updated Jun 16, 2026

CVE-2009-1896

CVE-2009-1896

Description

The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*
    Range: <=1.6.0.0
  • Openjdk/OpenJDKllm-fuzzy
    Range: <1.6.0.0-20.b16.fc10 (Fedora 10) and <1.6.0.0-27.b16.fc11 (Fedora 11)
  • Red Hat/Icedteallm-fuzzy
    Range: <1.6.0.0-20.b16.fc10 (Fedora 10) and <1.6.0.0-27.b16.fc11 (Fedora 11)

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.