Published: 10/08/2009 Updated: 19/09/2017

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent malicious users to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sun java se
sun openjdk

It was discovered that the XML HMAC signature system did not correctly check certain lengths If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation (CVE-2009-0217) ...

Synopsis Critical: java-150-sun security update Type/Severity Security Advisory: Critical Topic Updated java-150-sun packages that correct several security issues arenow available for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by t ...

Synopsis Critical: java-160-sun security update Type/Severity Security Advisory: Critical Topic Updated java-160-sun packages that correct several security issues arenow available for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThis update has been rated as having critical security impact by t ...

Synopsis Important: java-160-openjdk security and bug fix update Type/Severity Security Advisory: Important Topic Updated java-160-openjdk packages that fix several security issues and abug are now available for Red Hat Enterprise Linux 5This update has been rated as having important security impact by ...

CWE-200 http://java.sun.com/javase/6/webnotes/6u15.html https://rhn.redhat.com/errata/RHSA-2009-1201.html http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1 http://secunia.com/advisories/36176 http://secunia.com/advisories/36199 https://rhn.redhat.com/errata/RHSA-2009-1199.html http://java.sun.com/j2se/1.5.0/ReleaseNotes.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1 https://bugzilla.redhat.com/show_bug.cgi?id=513215 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html http://secunia.com/advisories/36162 https://rhn.redhat.com/errata/RHSA-2009-1200.html http://secunia.com/advisories/36180 http://www.mandriva.com/security/advisories?name=MDVSA-2009:209 http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://www.vupen.com/english/advisories/2009/2543 http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://security.gentoo.org/glsa/glsa-200911-02.xml http://secunia.com/advisories/37386 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10221 https://usn.ubuntu.com/814-1/https://nvd.nist.gov

CVE-2009-2475

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect