CVE-2009-2676

Name: CVE-2009-2676
Creator: NVD / NIST
Published: 2009-08-05T19:30:01.313+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.65%

Last modified Jun 16, 2026

CVE-2009-2676 is a vulnerability of currently unknown severity. Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher.. EPSS estimates a 3.65% chance of exploitation in the next 30 days.

Description

Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher.

Metrics

EPSS Probability

3.65%

88.2th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions	Update
Sun	Java Se	All versions	—
Sun	Jdk	<= 1.5.0	Update19
Sun	Jdk	<= 1.6.0	Update 14
Sun	Jdk	1.5.0	—
Sun	Jdk	1.6.0	Update 10
Sun	Jre	<= 1.5.0	Update19
Sun	Jre	<= 1.6.0	Update 14
Sun	Jre	1.5.0	—
Sun	Jre	1.6.0	Update 1
Sun	Jre	<= 1.4.2_21	—
Sun	Jre	1.4.0	—
Sun	Jre	1.4.0_01	—
Sun	Jre	1.4.0_02	—
Sun	Jre	1.4.0_03	—
Sun	Jre	1.4.0_04	—
Sun	Jre	1.4.1	—
Sun	Jre	1.4.2	—
Sun	Jre	1.4.2_1	—
Sun	Jre	1.4.2_2	—
Sun	Jre	1.4.2_3	—
Sun	Jre	1.4.2_4	—
Sun	Jre	1.4.2_5	—
Sun	Jre	1.4.2_6	—
Sun	Jre	1.4.2_7	—
Sun	Jre	1.4.2_8	—
Sun	Jre	1.4.2_9	—
Sun	Jre	1.4.2_10	—
Sun	Jre	1.4.2_11	—
Sun	Jre	1.4.2_12	—
Sun	Jre	1.4.2_13	—
Sun	Jre	1.4.2_14	—
Sun	Jre	1.4.2_15	—
Sun	Sdk	<= 1.4.2_21	—
Sun	Sdk	1.4.0	—
Sun	Sdk	1.4.0_01	—
Sun	Sdk	1.4.0_02	—
Sun	Sdk	1.4.0_03	—
Sun	Sdk	1.4.0_04	—
Sun	Sdk	1.4.1	—
Sun	Sdk	1.4.1_01	—
Sun	Sdk	1.4.1_02	—
Sun	Sdk	1.4.1_03	—
Sun	Sdk	1.4.1_04	—
Sun	Sdk	1.4.1_05	—
Sun	Sdk	1.4.1_06	—
Sun	Sdk	1.4.1_07	—
Sun	Sdk	1.4.2	—
Sun	Sdk	1.4.2_1	—
Sun	Sdk	1.4.2_2	—
Sun	Sdk	1.4.2_3	—

Showing 50 of 67 affected configurations. See NVD for the full list.

References

Timeline

Published: Aug 5, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-2676?

How severe is CVE-2009-2676?

Severity scoring for CVE-2009-2676 is pending analysis. The EPSS model estimates a 3.65% probability of exploitation in the next 30 days.

How do I fix CVE-2009-2676?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-2676?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST