Lucene search

[email protected]CVE-2009-2673

HistoryAug 05, 2009 - 7:30 p.m.

CVE-2009-2673

2009-08-0519:30:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2009-2673

proxy mechanism

sun java

jre

jdk

remote attackers

access restrictions

4.4 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.6%

JSON

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.

CPENameOperatorVersion
sun:jdksun jdkeq5.0
sun:jresun jreeq5.0
sun:jresun jreeq6
sun:jdksun jdkeq6

CPE	Name	Operator	Version
sun:jdk	sun jdk	eq	5.0
sun:jre	sun jre	eq	5.0
sun:jre	sun jre	eq	6
sun:jdk	sun jdk	eq	6

References

java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20

java.sun.com/javase/6/webnotes/6u15.html

lists.apple.com/archives/security-announce/2009/Sep/msg00000.html

lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html

lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html

marc.info/?l=bugtraq&m=125787273209737&w=2

osvdb.org/56785

secunia.com/advisories/36162

secunia.com/advisories/36176

secunia.com/advisories/36180

secunia.com/advisories/36199

secunia.com/advisories/36248

secunia.com/advisories/37300

secunia.com/advisories/37386

secunia.com/advisories/37460

security.gentoo.org/glsa/glsa-200911-02.xml

sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1

sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1

www.mandriva.com/security/advisories?name=MDVSA-2009:209

www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/35943

www.securitytracker.com/id?1022659

www.us-cert.gov/cas/techalerts/TA09-294A.html

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/2543

www.vupen.com/english/advisories/2009/3316

exchange.xforce.ibmcloud.com/vulnerabilities/52338

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10263

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8558

rhn.redhat.com/errata/RHSA-2009-1199.html

rhn.redhat.com/errata/RHSA-2009-1200.html

rhn.redhat.com/errata/RHSA-2009-1201.html

www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html

www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html

4.4 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.6%

JSON

Related for CVE-2009-2673

prion3 veracode1 ubuntucve2 cve2 openvas33 redhat7 nessus38 suse2 oraclelinux1 centos1 securityvulns3 fedora2 ubuntu1 oracle1 vmware4 gentoo1