CVE-2009-2671 — JDK vulnerability

9 documents6 sources

Severity

10.0CRITICALNVD

NVD5.0CNA5.0

EPSS

6.7%

top 8.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE Oracle BEA Product Suite

Timeline

PublishedAug 5

Latest updateMay 2

Description

The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDsun/jdk6+2

▶NVDsun/jre6+2

▶NVDoracle/bea_product_suiter27.6.4

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-4xx5-2cr7-4qrq: The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5↗2022-05-02

▶

GHSA

GHSA-9r76-mhm8-f3q4: Unspecified vulnerability in the JRockit component in BEA Product Suite R27↗2022-05-02

▶

CVEList

CVE-2009-3403: Unspecified vulnerability in the JRockit component in BEA Product Suite R27↗2009-10-22

▶

CVEList

CVE-2009-2671: The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5↗2009-08-05

▶

📋Vendor Advisories

Ubuntu

OpenJDK vulnerabilities↗2009-08-11

▶

Red Hat

OpenJDK Proxy mechanism information leaks (6801071)↗2009-08-05

▶

💬Community

Bugzilla

CVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks (6801071)↗2009-07-21

▶