CVE-2009-2670 — JDK vulnerability

CWE-2649 documents6 sources

Severity

10.0CRITICALNVD

NVD5.0CNA5.0

EPSS

3.6%

top 12.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE Oracle BEA Product Suite

Timeline

PublishedAug 5

Latest updateMay 2

Description

The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDsun/jdk6+2

▶NVDsun/jre6+2

▶NVDoracle/bea_product_suiter27.6.4

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-6jqw-6g89-r7rg: The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5↗2022-05-02

▶

GHSA

GHSA-9r76-mhm8-f3q4: Unspecified vulnerability in the JRockit component in BEA Product Suite R27↗2022-05-02

▶

CVEList

CVE-2009-3403: Unspecified vulnerability in the JRockit component in BEA Product Suite R27↗2009-10-22

▶

CVEList

CVE-2009-2670: The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5↗2009-08-05

▶

📋Vendor Advisories

Ubuntu

OpenJDK vulnerabilities↗2009-08-11

▶

Red Hat

OpenJDK Untrusted applet System properties access (6738524)↗2009-08-05

▶

💬Community

Bugzilla

CVE-2009-2670 OpenJDK Untrusted applet System properties access (6738524)↗2009-07-21

▶