PRIOn knowledge basePRION:CVE-2009-2670Information disclosure
6 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.01 Low
EPSS
Percentile
83.3%
The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jdk | eq | 5.0 update-12 | |
| jdk | eq | 5.0 update-15 | |
| jdk | eq | 5.0 update-3 | |
| jdk | eq | 5.0 update-11 | |
| jdk | eq | 6 update-6 | |
| jdk | eq | 6 update-7 | |
| jdk | eq | 5.0 update-8 | |
| jdk | eq | 6 update-11 | |
| jdk | eq | 5.0 update-1 | |
| jdk | eq | 5.0 update-17 |
References
java.sun.com/j2se/1.5.0/ReleaseNotes.html
java.sun.com/javase/6/webnotes/6u15.html
lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
osvdb.org/56788
secunia.com/advisories/36162
secunia.com/advisories/36176
secunia.com/advisories/36180
secunia.com/advisories/36199
secunia.com/advisories/36248
secunia.com/advisories/37300
secunia.com/advisories/37386
secunia.com/advisories/37460
security.gentoo.org/glsa/glsa-200911-02.xml
sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
sunsolve.sun.com/search/document.do?assetkey=1-66-263408-1
www.mandriva.com/security/advisories?name=MDVSA-2009:209
www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
www.securityfocus.com/archive/1/507985/100/0/threaded
www.securityfocus.com/bid/35939
www.securitytracker.com/id?1022658
www.us-cert.gov/cas/techalerts/TA09-294A.html
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2009/2543
www.vupen.com/english/advisories/2009/3316
exchange.xforce.ibmcloud.com/vulnerabilities/52306
marc.info/?l=bugtraq&m=125787273209737&w=2
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11326
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8022
rhn.redhat.com/errata/RHSA-2009-1199.html
rhn.redhat.com/errata/RHSA-2009-1200.html
rhn.redhat.com/errata/RHSA-2009-1201.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
Related
6 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.01 Low
EPSS
Percentile
83.3%