CVE-2009-2671

MEDIUM

Description

The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.

References

http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20

http://java.sun.com/javase/6/webnotes/6u15.html

http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html

http://marc.info/?l=bugtraq&m=125787273209737&w=2

http://secunia.com/advisories/36162

http://secunia.com/advisories/36176

http://secunia.com/advisories/36180

http://secunia.com/advisories/36199

http://secunia.com/advisories/36248

http://secunia.com/advisories/37300

http://secunia.com/advisories/37386

http://secunia.com/advisories/37460

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1

http://www.mandriva.com/security/advisories?name=MDVSA-2009:209

http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securityfocus.com/bid/35943

http://www.securitytracker.com/id?1022659

http://www.us-cert.gov/cas/techalerts/TA09-294A.html

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2009/2543

http://www.vupen.com/english/advisories/2009/3316

https://exchange.xforce.ibmcloud.com/vulnerabilities/52336

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11115

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8259

https://rhn.redhat.com/errata/RHSA-2009-1199.html

https://rhn.redhat.com/errata/RHSA-2009-1200.html

https://rhn.redhat.com/errata/RHSA-2009-1201.html

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html

Details

Source: MITRE

Published: 2009-08-05

Updated: 2018-10-10

Risk Information

CVSS v2.0

Base Score: 5

Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM