CVE-2009-2672 — JDK vulnerability

CWE-2649 documents6 sources

Severity

10.0CRITICALNVD

NVD7.5CNA7.5CNA5.0

EPSS

14.1%

top 5.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE Oracle BEA Product Suite

Timeline

PublishedAug 5

Latest updateMay 2

Description

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDsun/jdk6+2

▶NVDsun/jre6+2

▶NVDoracle/bea_product_suiter27.6.4

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-fj22-5g9h-44w5: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5↗2022-05-02

▶

GHSA

GHSA-9r76-mhm8-f3q4: Unspecified vulnerability in the JRockit component in BEA Product Suite R27↗2022-05-02

▶

CVEList

CVE-2009-3403: Unspecified vulnerability in the JRockit component in BEA Product Suite R27↗2009-10-22

▶

CVEList

CVE-2009-2672: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5↗2009-08-05

▶

📋Vendor Advisories

Ubuntu

OpenJDK vulnerabilities↗2009-08-11

▶

Red Hat

OpenJDK Proxy mechanism information leaks (6801071)↗2009-08-05

▶

💬Community

Bugzilla

CVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks (6801071)↗2009-07-21

▶