Lucene search

[email protected]CVE-2009-2670

HistoryAug 05, 2009 - 7:30 p.m.

CVE-2009-2670

2009-08-0519:30:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2009-2670

sun java

jdk

jre

update 15

update 20

information disclosure

nvd

4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.5%

JSON

The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.

CPENameOperatorVersion
sun:jdksun jdkeq5.0
sun:jresun jreeq5.0
sun:jresun jreeq6
sun:jdksun jdkeq6

CPE	Name	Operator	Version
sun:jdk	sun jdk	eq	5.0
sun:jre	sun jre	eq	5.0
sun:jre	sun jre	eq	6
sun:jdk	sun jdk	eq	6

References

java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20

java.sun.com/javase/6/webnotes/6u15.html

lists.apple.com/archives/security-announce/2009/Sep/msg00000.html

lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html

lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html

marc.info/?l=bugtraq&m=125787273209737&w=2

osvdb.org/56788

secunia.com/advisories/36162

secunia.com/advisories/36176

secunia.com/advisories/36180

secunia.com/advisories/36199

secunia.com/advisories/36248

secunia.com/advisories/37300

secunia.com/advisories/37386

secunia.com/advisories/37460

security.gentoo.org/glsa/glsa-200911-02.xml

sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1

sunsolve.sun.com/search/document.do?assetkey=1-66-263408-1

www.mandriva.com/security/advisories?name=MDVSA-2009:209

www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/35939

www.securitytracker.com/id?1022658

www.us-cert.gov/cas/techalerts/TA09-294A.html

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/2543

www.vupen.com/english/advisories/2009/3316

exchange.xforce.ibmcloud.com/vulnerabilities/52306

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11326

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8022

rhn.redhat.com/errata/RHSA-2009-1199.html

rhn.redhat.com/errata/RHSA-2009-1200.html

rhn.redhat.com/errata/RHSA-2009-1201.html

www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html

www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html

Social References

4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.5%

JSON

Related for CVE-2009-2670

veracode1 prion2 ubuntucve1 seebug1 openvas33 redhat7 nessus38 suse2 cve1 oraclelinux1 centos1 securityvulns3 fedora2 ubuntu1 oracle1 vmware4 gentoo1