CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
83.7%
The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.
Vendor | Product | Version | CPE |
---|---|---|---|
sun | jdk | * | cpe:2.3:a:sun:jdk:*:update_13:*:*:*:*:*:* |
sun | jdk | 5.0 | cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:* |
sun | jdk | 5.0 | cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:* |
sun | jdk | 5.0 | cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:* |
sun | jdk | 5.0 | cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:* |
sun | jdk | 5.0 | cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:* |
sun | jdk | 5.0 | cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:* |
sun | jdk | 5.0 | cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:* |
sun | jdk | 5.0 | cpe:2.3:a:sun:jdk:5.0:update_16:*:*:*:*:*:* |
sun | jdk | 5.0 | cpe:2.3:a:sun:jdk:5.0:update_17:*:*:*:*:*:* |
java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20
java.sun.com/javase/6/webnotes/6u15.html
lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
marc.info/?l=bugtraq&m=125787273209737&w=2
osvdb.org/56788
secunia.com/advisories/36162
secunia.com/advisories/36176
secunia.com/advisories/36180
secunia.com/advisories/36199
secunia.com/advisories/36248
secunia.com/advisories/37300
secunia.com/advisories/37386
secunia.com/advisories/37460
security.gentoo.org/glsa/glsa-200911-02.xml
sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
sunsolve.sun.com/search/document.do?assetkey=1-66-263408-1
www.mandriva.com/security/advisories?name=MDVSA-2009:209
www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
www.securityfocus.com/archive/1/507985/100/0/threaded
www.securityfocus.com/bid/35939
www.securitytracker.com/id?1022658
www.us-cert.gov/cas/techalerts/TA09-294A.html
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2009/2543
www.vupen.com/english/advisories/2009/3316
exchange.xforce.ibmcloud.com/vulnerabilities/52306
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11326
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8022
rhn.redhat.com/errata/RHSA-2009-1199.html
rhn.redhat.com/errata/RHSA-2009-1200.html
rhn.redhat.com/errata/RHSA-2009-1201.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html