CVE-2009-2476

CWE-264 | 6 documents | 6 sources
Severity: 10.0 CRITICAL
EPSS: 1.7% (top 17.60%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Aug 10
Latest update: May 2

Description

The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (1 package)

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-f3mh-84r7-6579: The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which a… (2022-05-02)
CVEList
CVE-2009-2476: The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which a… (2009-08-10)

📋 Vendor Advisories

2
Ubuntu
OpenJDK vulnerabilities (2009-08-11)
Red Hat
OpenJDK OpenType checks can be bypassed (6736293) (2009-08-05)

💬 Community

1
Bugzilla
CVE-2009-2476 OpenJDK OpenType checks can be bypassed (6736293) (2009-07-22)