Unrated severityNVD Advisory· Published Nov 5, 2009· Updated Apr 23, 2026
CVE-2009-3865
CVE-2009-3865
Description
The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.
Affected products
33cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update10:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update11:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update12:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update13:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update14:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update15:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update16:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update4:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update7:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update8:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.6.0:update9:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update12:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update13:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update15:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update16:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update8:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.6.0:update9:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
19- sunsolve.sun.com/search/document.donvdPatchVendor Advisory
- www.securityfocus.com/bid/36881nvdPatch
- www.vupen.com/english/advisories/2009/3131nvdPatchVendor Advisory
- secunia.com/advisories/37231nvdVendor Advisory
- java.sun.com/javase/6/webnotes/6u17.htmlnvd
- lists.apple.com/archives/security-announce/2009/Dec/msg00000.htmlnvd
- lists.apple.com/archives/security-announce/2009/Dec/msg00001.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.htmlnvd
- marc.infonvd
- secunia.com/advisories/37239nvd
- secunia.com/advisories/37386nvd
- secunia.com/advisories/37581nvd
- secunia.com/advisories/37841nvd
- security.gentoo.org/glsa/glsa-200911-02.xmlnvd
- support.apple.com/kb/HT3969nvd
- support.apple.com/kb/HT3970nvd
- www.redhat.com/support/errata/RHSA-2009-1694.htmlnvd
- www.securitytracker.com/idnvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7562nvd
News mentions
0No linked articles in our index yet.