CVE-2009-2689

high

Description

JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application.

References

http://java.sun.com/j2se/1.5.0/ReleaseNotes.html

http://java.sun.com/javase/6/webnotes/6u15.html

http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

http://secunia.com/advisories/36162

http://secunia.com/advisories/36180

http://secunia.com/advisories/36199

http://secunia.com/advisories/37386

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1

http://www.mandriva.com/security/advisories?name=MDVSA-2009:209

http://www.vupen.com/english/advisories/2009/2543

https://bugzilla.redhat.com/show_bug.cgi?id=513222

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9603

https://rhn.redhat.com/errata/RHSA-2009-1199.html

https://rhn.redhat.com/errata/RHSA-2009-1201.html

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html

Details

Source: MITRE

Published: 2009-08-10

Updated: 2017-09-19

Type: CWE-264

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:sun:java_se:*:20:*:*:*:*:*:* versions up to 5.0 (inclusive)

cpe:2.3:a:sun:java_se:*:14:*:*:*:*:*:* versions up to 6 (inclusive)

cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 107921 | Solaris 10 (x86) : 125139-75 | Nessus | Solaris Local Security Checks | critical |
| 107920 | Solaris 10 (x86) : 125139-71 | Nessus | Solaris Local Security Checks | critical |
| 107298 | Solaris 10 (sparc) : 118667-61 | Nessus | Solaris Local Security Checks | critical |
| 67905 | Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-1201) | Nessus | Oracle Linux Local Security Checks | critical |
| 60633 | Scientific Linux Security Update : java-1.6.0-openjdk on SL5.3 i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 53539 | RHEL 4 : Sun Java Runtime in Satellite Server (RHSA-2009:1662) | Nessus | Red Hat Local Security Checks | critical |
| 43774 | CentOS 5 : java-1.6.0-openjdk (CESA-2009:1201) | Nessus | CentOS Local Security Checks | critical |
| 42834 | GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 41623 | openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1330) | Nessus | SuSE Local Security Checks | critical |
| 41622 | openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1330) | Nessus | SuSE Local Security Checks | critical |
| 40873 | Mac OS X : Java for Mac OS X 10.5 Update 5 | Nessus | MacOS X Local Security Checks | high |
| 40748 | RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:1199) | Nessus | Red Hat Local Security Checks | critical |
| 40694 | Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:209) | Nessus | Mandriva Local Security Checks | critical |
| 40547 | Ubuntu 8.10 / 9.04 : openjdk-6 vulnerabilities (USN-814-1) | Nessus | Ubuntu Local Security Checks | critical |
| 40515 | Fedora 10 : java-1.6.0-openjdk-1.6.0.0-20.b16.fc10 (2009-8337) | Nessus | Fedora Local Security Checks | critical |
| 40510 | RHEL 5 : java-1.6.0-openjdk (RHSA-2009:1201) | Nessus | Red Hat Local Security Checks | critical |
| 40507 | Fedora 11 : java-1.6.0-openjdk-1.6.0.0-27.b16.fc11 (2009-8329) | Nessus | Fedora Local Security Checks | critical |
| 27034 | Solaris 9 (x86) : 125139-97 | Nessus | Solaris Local Security Checks | critical |
| 27016 | Solaris 8 (x86) : 125139-97 | Nessus | Solaris Local Security Checks | critical |
| 26996 | Solaris 10 (x86) : 125139-97 (deprecated) | Nessus | Solaris Local Security Checks | critical |
| 19460 | Solaris 9 (sparc) : 118667-86 | Nessus | Solaris Local Security Checks | critical |
| 19456 | Solaris 8 (sparc) : 118667-86 | Nessus | Solaris Local Security Checks | critical |
| 19444 | Solaris 10 (sparc) : 118667-86 (deprecated) | Nessus | Solaris Local Security Checks | critical |