CVE-2009-2673: Sensitive Information Exposure in Java SE

Severity
10.0 CRITICAL (NVD)
NVD 7.8 | NVD 7.5 | CNA 7.8 | CNA 7.5 | CNA 5.0
EPSS
11.4%
top 6.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 5
Latest update: May 2

Description

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (4 packages)

NVD: sun/java_se 5.0 (+1)
NVD: sun/jdk 6 (+2)
NVD: sun/jre 6 (+2)

Patches

🔴 Vulnerability Details (6)

GHSA
GHSA-9r76-mhm8-f3q4: Unspecified vulnerability in the JRockit component in BEA Product Suite R27 (2022-05-02)
GHSA
GHSA-2vx8-fp5p-f94q: Sun Java SE 5 (2022-05-02)
GHSA
GHSA-4rjf-p9gv-749h: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5 (2022-05-02)
CVEList
CVE-2009-3403: Unspecified vulnerability in the JRockit component in BEA Product Suite R27 (2009-10-22)
CVEList
CVE-2009-2475: Sun Java SE 5 (2009-08-10)

📋 Vendor Advisories (3)

Ubuntu
OpenJDK vulnerabilities (2009-08-11)
Red Hat
OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167) (2009-08-05)
Red Hat
OpenJDK proxy mechanism allows non-authorized socket connections (6801497) (2009-08-05)

💬 Community (1)

Bugzilla
CVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket connections (6801497) (2009-07-21)