Executive Summary

Informations
NameCVE-2009-2671First vendor Publication2009-08-05
VendorCveLast vendor Modification2012-10-22

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthentificationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:8259
 
Oval ID: oval:org.mitre.oval:def:8259
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2671
 Version: 3
Platform(s): HP-UX 11
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11115
 
Oval ID: oval:org.mitre.oval:def:11115
Title: The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.
Description: The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2671
 Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application30
Application31

Open Source Vulnerability Database (OSVDB)

idDescription
56783Sun Java JDK / JRE SOCKS Proxy Implementation Applet Process Owner Disclosure

Internal Sources (Detail)

SourceUrl
APPLEhttp://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
BIDhttp://www.securityfocus.com/bid/35943
BUGTRAQhttp://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
CERThttp://www.us-cert.gov/cas/techalerts/TA09-294A.html
CONFIRMhttp://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20
http://java.sun.com/javase/6/webnotes/6u15.html
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
FEDORAhttps://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310....
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325....
GENTOOhttp://security.gentoo.org/glsa/glsa-200911-02.xml
HPhttp://marc.info/?l=bugtraq&m=125787273209737&w=2
http://marc.info/?l=bugtraq&m=125787273209737&w=2
MANDRIVAhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:209
REDHAThttps://rhn.redhat.com/errata/RHSA-2009-1199.html
https://rhn.redhat.com/errata/RHSA-2009-1200.html
https://rhn.redhat.com/errata/RHSA-2009-1201.html
SECTRACKhttp://www.securitytracker.com/id?1022659
SECUNIAhttp://secunia.com/advisories/36162
http://secunia.com/advisories/36176
http://secunia.com/advisories/36180
http://secunia.com/advisories/36199
http://secunia.com/advisories/36248
http://secunia.com/advisories/37300
http://secunia.com/advisories/37386
http://secunia.com/advisories/37460
SUNALERThttp://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1
SUSEhttp://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
VUPENhttp://www.vupen.com/english/advisories/2009/2543
http://www.vupen.com/english/advisories/2009/3316
XFhttp://xforce.iss.net/xforce/xfdb/52336

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2013-05-10 23:54:54
  • Multiple Updates