7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
JRE proxy implementation is vulnerable to privilege escalation. Two flaws were found in the JRE proxy implementation. An untrusted applet or application could use these flaws to discover the usernames of users running applets and applications, or obtain web browser cookies and use them for session hijacking attacks.
blogs.sun.com/security/entry/advance_notification_of_security_updates5
java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20
java.sun.com/javase/6/webnotes/6u15.html
lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
marc.info/?l=bugtraq&m=125787273209737&w=2
secunia.com/advisories/36176
secunia.com/advisories/36180
secunia.com/advisories/36199
secunia.com/advisories/36248
secunia.com/advisories/37300
secunia.com/advisories/37386
secunia.com/advisories/37460
security.gentoo.org/glsa/glsa-200911-02.xml
sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1
www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
www.redhat.com/security/updates/classification/#important
www.securityfocus.com/archive/1/507985/100/0/threaded
www.securityfocus.com/bid/35943
www.securitytracker.com/id?1022659
www.us-cert.gov/cas/techalerts/TA09-294A.html
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2009/2543
www.vupen.com/english/advisories/2009/3316
access.redhat.com/errata/RHSA-2009:1201
exchange.xforce.ibmcloud.com/vulnerabilities/52337
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7723
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9359
rhn.redhat.com/errata/RHSA-2009-1199.html
rhn.redhat.com/errata/RHSA-2009-1200.html
rhn.redhat.com/errata/RHSA-2009-1201.html