CVE-2009-2671

critical

Description

The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.

References

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html

https://rhn.redhat.com/errata/RHSA-2009-1201.html

https://rhn.redhat.com/errata/RHSA-2009-1200.html

https://rhn.redhat.com/errata/RHSA-2009-1199.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8259

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11115

https://exchange.xforce.ibmcloud.com/vulnerabilities/52336

http://www.vupen.com/english/advisories/2009/3316

http://www.vupen.com/english/advisories/2009/2543

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.us-cert.gov/cas/techalerts/TA09-294A.html

http://www.securitytracker.com/id?1022659

http://www.securityfocus.com/bid/35943

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html

http://www.mandriva.com/security/advisories?name=MDVSA-2009:209

http://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://secunia.com/advisories/37460

http://secunia.com/advisories/37386

http://secunia.com/advisories/37300

http://secunia.com/advisories/36248

http://secunia.com/advisories/36199

http://secunia.com/advisories/36180

http://secunia.com/advisories/36176

http://secunia.com/advisories/36162

http://marc.info/?l=bugtraq&m=125787273209737&w=2

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html

http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html

http://java.sun.com/javase/6/webnotes/6u15.html

http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20

Details

Source: Mitre, NVD

Published: 2009-08-05

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical