Lucene search

[email protected]CVE-2009-2672

HistoryAug 05, 2009 - 7:30 p.m.

CVE-2009-2672

2009-08-0519:30:00

CWE-264

[email protected]

web.nvd.nist.gov

sun jre

proxy mechanism

browser cookies

security vulnerability

cve-2009-2672

nvd

4.2 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.037 Low

EPSS

Percentile

91.6%

JSON

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.

CPENameOperatorVersion
sun:jdksun jdkeq5.0
sun:jresun jreeq5.0
sun:jresun jreeq6
sun:jdksun jdkeq6

CPE	Name	Operator	Version
sun:jdk	sun jdk	eq	5.0
sun:jre	sun jre	eq	5.0
sun:jre	sun jre	eq	6
sun:jdk	sun jdk	eq	6

References

java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20

java.sun.com/javase/6/webnotes/6u15.html

lists.apple.com/archives/security-announce/2009/Sep/msg00000.html

lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html

lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html

marc.info/?l=bugtraq&m=125787273209737&w=2

secunia.com/advisories/36176

secunia.com/advisories/36180

secunia.com/advisories/36199

secunia.com/advisories/36248

secunia.com/advisories/37300

secunia.com/advisories/37386

secunia.com/advisories/37460

security.gentoo.org/glsa/glsa-200911-02.xml

sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1

sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1

www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/35943

www.securitytracker.com/id?1022659

www.us-cert.gov/cas/techalerts/TA09-294A.html

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/2543

www.vupen.com/english/advisories/2009/3316

exchange.xforce.ibmcloud.com/vulnerabilities/52337

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7723

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9359

rhn.redhat.com/errata/RHSA-2009-1199.html

rhn.redhat.com/errata/RHSA-2009-1200.html

rhn.redhat.com/errata/RHSA-2009-1201.html

Social References

4.2 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.037 Low

EPSS

Percentile

91.6%

JSON

Related for CVE-2009-2672

prion2 veracode1 ubuntucve1 openvas31 redhat7 nessus37 suse2 cve1 centos1 oraclelinux1 securityvulns3 fedora2 ubuntu1 oracle1 vmware4 gentoo1