CVE-2009-2475

CWE-200 — Information Exposure7 documents6 sources

Severity

7.8HIGH

EPSS

0.7%

top 28.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Java SE

Timeline

PublishedAug 10

Latest updateMay 2

Description

Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) A…

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDsun/java_se5.0+1

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-2vx8-fp5p-f94q: Sun Java SE 5↗2022-05-02

▶

CVEList

CVE-2009-2475: Sun Java SE 5↗2009-08-10

▶

📋Vendor Advisories

Ubuntu

OpenJDK vulnerabilities↗2009-08-11

▶

Red Hat

OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167)↗2009-08-05

▶

💬Community

Bugzilla

CVE-2009-2944 ikiwiki: arbitrary file read via crafted TeX commands↗2009-09-01

▶

Bugzilla

CVE-2009-2475 OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167)↗2009-07-22

▶