CVE-2009-2671

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.

References

http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20

http://java.sun.com/javase/6/webnotes/6u15.html

http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html

http://marc.info/?l=bugtraq&m=125787273209737&w=2

http://secunia.com/advisories/36162

http://secunia.com/advisories/36176

http://secunia.com/advisories/36180

http://secunia.com/advisories/36199

http://secunia.com/advisories/36248

http://secunia.com/advisories/37300

http://secunia.com/advisories/37386

http://secunia.com/advisories/37460

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1

http://www.mandriva.com/security/advisories?name=MDVSA-2009:209

http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securityfocus.com/bid/35943

http://www.securitytracker.com/id?1022659

http://www.us-cert.gov/cas/techalerts/TA09-294A.html

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2009/2543

http://www.vupen.com/english/advisories/2009/3316

https://exchange.xforce.ibmcloud.com/vulnerabilities/52336

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11115

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8259

https://rhn.redhat.com/errata/RHSA-2009-1199.html

https://rhn.redhat.com/errata/RHSA-2009-1200.html

https://rhn.redhat.com/errata/RHSA-2009-1201.html

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html

Details

Source: MITRE

Published: 2009-08-05

Updated: 2018-10-10

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_16:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_17:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:*:update_13:*:*:*:*:*:* versions up to 6 (inclusive)

cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:6:update_9:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_16:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_17:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_19:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*

cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:*:update_13:*:*:*:*:*:* versions up to 6 (inclusive)

cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*

cpe:2.3:a:sun:jre:6:update_9:*:*:*:*:*:*

Tenable Plugins

View all (38 total)

IDNameProductFamilySeverity
107416Solaris 10 (sparc) : 125136-75NessusSolaris Local Security Checks
critical
107415Solaris 10 (sparc) : 125136-71NessusSolaris Local Security Checks
critical
89736VMware ESX Java Runtime Environment (JRE) Multiple Vulnerabilities (VMSA-2010-0002) (remote check)NessusVMware ESX Local Security Checks
critical
89117VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)NessusMisc.
critical
67905Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-1201)NessusOracle Linux Local Security Checks
critical
64830Sun Java JRE Multiple Vulnerabilities (263408 / 263409 / 263428 ..) (Unix)NessusMisc.
critical
60645Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60633Scientific Linux Security Update : java-1.6.0-openjdk on SL5.3 i386/x86_64NessusScientific Linux Local Security Checks
critical
53539RHEL 4 : Sun Java Runtime in Satellite Server (RHSA-2009:1662)NessusRed Hat Local Security Checks
critical
45386VMSA-2010-0002 : VMware vCenter update release addresses multiple security issues in Java JRENessusVMware ESX Local Security Checks
critical
44029RHEL 4 / 5 : IBM Java Runtime in Satellite Server (RHSA-2010:0043)NessusRed Hat Local Security Checks
critical
43774CentOS 5 : java-1.6.0-openjdk (CESA-2009:1201)NessusCentOS Local Security Checks
critical
42870VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.NessusVMware ESX Local Security Checks
medium
42834GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
42790RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:1582)NessusRed Hat Local Security Checks
critical
42396SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1497)NessusSuSE Local Security Checks
critical
42008openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-6395)NessusSuSE Local Security Checks
critical
42007openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-6396)NessusSuSE Local Security Checks
critical
41623openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1330)NessusSuSE Local Security Checks
critical
41622openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1330)NessusSuSE Local Security Checks
critical
41408SuSE 11 Security Update : Sun Java 1.6.0 (SAT Patch Number 1163)NessusSuSE Local Security Checks
critical
40873Mac OS X : Java for Mac OS X 10.5 Update 5NessusMacOS X Local Security Checks
high
40814RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:1236)NessusRed Hat Local Security Checks
critical
40749RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:1200)NessusRed Hat Local Security Checks
critical
40748RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:1199)NessusRed Hat Local Security Checks
critical
40694Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:209)NessusMandriva Local Security Checks
critical
40547Ubuntu 8.10 / 9.04 : openjdk-6 vulnerabilities (USN-814-1)NessusUbuntu Local Security Checks
critical
40527openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1161)NessusSuSE Local Security Checks
critical
40526openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1162)NessusSuSE Local Security Checks
critical
40525openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1161)NessusSuSE Local Security Checks
critical
40524openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1162)NessusSuSE Local Security Checks
critical
40515Fedora 10 : java-1.6.0-openjdk-1.6.0.0-20.b16.fc10 (2009-8337)NessusFedora Local Security Checks
critical
40510RHEL 5 : java-1.6.0-openjdk (RHSA-2009:1201)NessusRed Hat Local Security Checks
critical
40507Fedora 11 : java-1.6.0-openjdk-1.6.0.0-27.b16.fc11 (2009-8329)NessusFedora Local Security Checks
critical
40495Sun Java JRE Multiple Vulnerabilities (263408 / 263409 / 263428 ..)NessusWindows
high
27020Solaris 9 (sparc) : 125136-97NessusSolaris Local Security Checks
critical
27008Solaris 8 (sparc) : 125136-97NessusSolaris Local Security Checks
critical
26984Solaris 10 (sparc) : 125136-97 (deprecated)NessusSolaris Local Security Checks
critical