Executive Summary

Informations
NameCVE-2009-2671First vendor Publication2009-08-05
VendorCveLast vendor Modification2012-10-22

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:8259
 
Oval ID: oval:org.mitre.oval:def:8259
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2671
Version: 6
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11115
 
Oval ID: oval:org.mitre.oval:def:11115
Title: The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.
Description: The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2671
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application30
Application31

OpenVAS Exploits

DateDescription
2011-08-09Name : CentOS Update for java CESA-2009:1201 centos5 i386
File : nvt/gb_CESA-2009_1201_java_centos5_i386.nasl
2010-05-28Name : Java for Mac OS X 10.5 Update 5
File : nvt/macosx_java_for_10_5_upd_5.nasl
2009-11-23Name : Gentoo Security Advisory GLSA 200911-02 (sun-jre-bin sun-jdk emul-linux-x86-j...
File : nvt/glsa_200911_02.nasl
2009-11-17Name : RedHat Security Advisory RHSA-2009:1582
File : nvt/RHSA_2009_1582.nasl
2009-11-11Name : SLES11: Security update for IBM Java 1.6.0
File : nvt/sles11_java-1_6_0-ibm1.nasl
2009-10-19Name : SuSE Security Summary SUSE-SR:2009:016
File : nvt/suse_sr_2009_016.nasl
2009-09-02Name : RedHat Security Advisory RHSA-2009:1236
File : nvt/RHSA_2009_1236.nasl
2009-09-02Name : Mandrake Security Advisory MDVSA-2009:209 (java-1.6.0-openjdk)
File : nvt/mdksa_2009_209.nasl
2009-08-20Name : Sun Java JDK/JRE Multiple Vulnerabilities - Aug09
File : nvt/gb_sun_java_jre_mult_vuln_aug09.nasl
2009-08-17Name : CentOS Security Advisory CESA-2009:1201 (java-1.6.0-openjdk)
File : nvt/ovcesa2009_1201.nasl
2009-08-17Name : Fedora Core 11 FEDORA-2009-8329 (java-1.6.0-openjdk)
File : nvt/fcore_2009_8329.nasl
2009-08-17Name : Fedora Core 10 FEDORA-2009-8337 (java-1.6.0-openjdk)
File : nvt/fcore_2009_8337.nasl
2009-08-17Name : RedHat Security Advisory RHSA-2009:1199
File : nvt/RHSA_2009_1199.nasl
2009-08-17Name : RedHat Security Advisory RHSA-2009:1200
File : nvt/RHSA_2009_1200.nasl
2009-08-17Name : RedHat Security Advisory RHSA-2009:1201
File : nvt/RHSA_2009_1201.nasl
2009-08-17Name : Ubuntu USN-814-1 (openjdk-6)
File : nvt/ubuntu_814_1.nasl
2009-08-17Name : SuSE Security Advisory SUSE-SA:2009:043 (java-1_5_0-sun,java-1_6_0-sun)
File : nvt/suse_sa_2009_043.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
56783Sun Java JDK / JRE SOCKS Proxy Implementation Applet Process Owner Disclosure

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1201.nasl - Type : ACT_GATHER_INFO
2013-02-22Name : The remote Unix host contains a runtime environment that is affected by multi...
File : sun_java_jre_263408_unix.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090806_java_1_6_0_openjdk_on_SL5_3.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090824_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-04-23Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1662.nasl - Type : ACT_GATHER_INFO
2010-03-31Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0002.nasl - Type : ACT_GATHER_INFO
2010-01-15Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0043.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1201.nasl - Type : ACT_GATHER_INFO
2009-11-23Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-11-18Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO
2009-11-13Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1582.nasl - Type : ACT_GATHER_INFO
2009-11-05Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-091102.nasl - Type : ACT_GATHER_INFO
2009-10-06Name : The remote openSUSE host is missing a security update.
File : suse_java-1_5_0-sun-6396.nasl - Type : ACT_GATHER_INFO
2009-10-06Name : The remote openSUSE host is missing a security update.
File : suse_java-1_6_0-sun-6395.nasl - Type : ACT_GATHER_INFO
2009-09-25Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-openjdk-090922.nasl - Type : ACT_GATHER_INFO
2009-09-25Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-openjdk-090920.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO
2009-09-03Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update5.nasl - Type : ACT_GATHER_INFO
2009-08-31Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1236.nasl - Type : ACT_GATHER_INFO
2009-08-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1199.nasl - Type : ACT_GATHER_INFO
2009-08-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1200.nasl - Type : ACT_GATHER_INFO
2009-08-24Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-209.nasl - Type : ACT_GATHER_INFO
2009-08-11Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-814-1.nasl - Type : ACT_GATHER_INFO
2009-08-10Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_5_0-sun-090806.nasl - Type : ACT_GATHER_INFO
2009-08-10Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO
2009-08-10Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_5_0-sun-090806.nasl - Type : ACT_GATHER_INFO
2009-08-10Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO
2009-08-10Name : The remote Fedora host is missing a security update.
File : fedora_2009-8337.nasl - Type : ACT_GATHER_INFO
2009-08-07Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1201.nasl - Type : ACT_GATHER_INFO
2009-08-07Name : The remote Fedora host is missing a security update.
File : fedora_2009-8329.nasl - Type : ACT_GATHER_INFO
2009-08-05Name : The remote Windows host contains a runtime environment that is affected by mu...
File : sun_java_jre_263408.nasl - Type : ACT_GATHER_INFO
2007-10-12Name : The remote host is missing Sun Security Patch number 125136-85
File : solaris10_125136.nasl - Type : ACT_GATHER_INFO
2007-10-12Name : The remote host is missing Sun Security Patch number 125136-85
File : solaris8_125136.nasl - Type : ACT_GATHER_INFO
2007-10-12Name : The remote host is missing Sun Security Patch number 125136-85
File : solaris9_125136.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
APPLEhttp://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
BIDhttp://www.securityfocus.com/bid/35943
BUGTRAQhttp://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
CERThttp://www.us-cert.gov/cas/techalerts/TA09-294A.html
CONFIRMhttp://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20
http://java.sun.com/javase/6/webnotes/6u15.html
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
FEDORAhttps://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310....
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325....
GENTOOhttp://security.gentoo.org/glsa/glsa-200911-02.xml
HPhttp://marc.info/?l=bugtraq&m=125787273209737&w=2
http://marc.info/?l=bugtraq&m=125787273209737&w=2
MANDRIVAhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:209
REDHAThttps://rhn.redhat.com/errata/RHSA-2009-1199.html
https://rhn.redhat.com/errata/RHSA-2009-1200.html
https://rhn.redhat.com/errata/RHSA-2009-1201.html
SECTRACKhttp://www.securitytracker.com/id?1022659
SECUNIAhttp://secunia.com/advisories/36162
http://secunia.com/advisories/36176
http://secunia.com/advisories/36180
http://secunia.com/advisories/36199
http://secunia.com/advisories/36248
http://secunia.com/advisories/37300
http://secunia.com/advisories/37386
http://secunia.com/advisories/37460
SUNALERThttp://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1
SUSEhttp://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
VUPENhttp://www.vupen.com/english/advisories/2009/2543
http://www.vupen.com/english/advisories/2009/3316
XFhttp://xforce.iss.net/xforce/xfdb/52336

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:51:00
  • Multiple Updates
2013-05-10 23:54:54
  • Multiple Updates