7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
0.006 Low
EPSS
Percentile
79.0%
Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might
allow context-dependent attackers to obtain sensitive information via
vectors involving static variables that are declared without the final
keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3)
AccessibleResourceBundle.getContents, (4)
ImageReaderSpi.STANDARD_INPUT_TYPE, (5)
ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7)
DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9)
AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap,
(11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a
different vulnerability than CVE-2009-2673.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | openjdk-6 | < 6b18-1.8.2-4ubuntu1~8.04.1 | UNKNOWN |
ubuntu | 8.10 | noarch | openjdk-6 | < 6b12-0ubuntu6.5 | UNKNOWN |
ubuntu | 9.04 | noarch | openjdk-6 | < 6b14-1.4.1-0ubuntu11 | UNKNOWN |
ubuntu | 8.04 | noarch | sun-java6 | < 6.20dlj-0ubuntu1.8.04 | UNKNOWN |
ubuntu | 9.04 | noarch | sun-java6 | < 6.20dlj-0ubuntu1.9.04 | UNKNOWN |
ubuntu | 9.10 | noarch | sun-java6 | < 6-15-1 | UNKNOWN |
ubuntu | 10.04 | noarch | sun-java6 | < 6-15-1 | UNKNOWN |
sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1
sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1
launchpad.net/bugs/cve/CVE-2009-2475
nvd.nist.gov/vuln/detail/CVE-2009-2475
security-tracker.debian.org/tracker/CVE-2009-2475
ubuntu.com/security/notices/USN-814-1
www.cve.org/CVERecord?id=CVE-2009-2475