CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
OpenJDK is vulnerable to an authorization bypass. It was discovered that JDK13Services grants unnecessary privileges to certain object types. An untrusted applet or application could misuse this to access otherwise restricted functionality.
blogs.sun.com/security/entry/advance_notification_of_security_updates5
java.sun.com/j2se/1.5.0/ReleaseNotes.html
java.sun.com/javase/6/webnotes/6u15.html
lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
secunia.com/advisories/36162
secunia.com/advisories/36180
secunia.com/advisories/36199
secunia.com/advisories/37386
security.gentoo.org/glsa/glsa-200911-02.xml
sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1
sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1
www.mandriva.com/security/advisories?name=MDVSA-2009:209
www.redhat.com/security/updates/classification/#important
www.vupen.com/english/advisories/2009/2543
access.redhat.com/errata/RHSA-2009:1201
bugzilla.redhat.com/show_bug.cgi?id=513222
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9603
rhn.redhat.com/errata/RHSA-2009-1199.html
rhn.redhat.com/errata/RHSA-2009-1201.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html