CVE-2009-2690

CWE-2646 documents6 sources

Severity

5.0MEDIUM

EPSS

4.4%

top 11.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Java SE

Timeline

PublishedAug 10

Latest updateMay 2

Description

The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDsun/java_se6

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-rmg4-9v3x-2qvv: The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-depen↗2022-05-02

▶

CVEList

CVE-2009-2690: The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-depen↗2009-08-10

▶

📋Vendor Advisories

Ubuntu

OpenJDK vulnerabilities↗2009-08-11

▶

Red Hat

OpenJDK private variable information disclosure (6777487)↗2009-08-05

▶

💬Community

Bugzilla

CVE-2009-2690 OpenJDK private variable information disclosure (6777487)↗2009-07-22

▶