Detections
Analytics
CVE-2009-2672
high
Description
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.
References
https://rhn.redhat.com/errata/RHSA-2009-1201.html
https://rhn.redhat.com/errata/RHSA-2009-1200.html
https://rhn.redhat.com/errata/RHSA-2009-1199.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9359
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7723
https://exchange.xforce.ibmcloud.com/vulnerabilities/52337
http://www.vupen.com/english/advisories/2009/3316
http://www.vupen.com/english/advisories/2009/2543
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.us-cert.gov/cas/techalerts/TA09-294A.html
http://www.securitytracker.com/id?1022659
http://www.securityfocus.com/bid/35943
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://secunia.com/advisories/37460
http://secunia.com/advisories/37386
http://secunia.com/advisories/37300
http://secunia.com/advisories/36248
http://secunia.com/advisories/36199
http://secunia.com/advisories/36180
http://secunia.com/advisories/36176
http://marc.info/?l=bugtraq&m=125787273209737&w=2
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html