Executive Summary

Information
Name : CVE-2009-2673
First vendor Publication : 2009-08-05
Vendor : Cve
Last vendor Modification : 2012-10-22

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score : 7.5
Attack Range : Network
Cvss Impact Score : 6.4
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Security Protection

Impacts : Provides unauthorized access : Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673

CWE : Common Weakness Enumeration

id : CWE-264
Name : Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:8558
 
Oval ID: oval:org.mitre.oval:def:8558
Title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2673
Version: 6
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:10263
 
Oval ID: oval:org.mitre.oval:def:10263
Title: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.
Description: The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2673
Version: 5
Platform(s): Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type : Application
Count : 30
Type : Application
Count : 31

OpenVAS Exploits

Date : 2011-08-09
Name : CentOS Update for java CESA-2009:1201 centos5 i386
File : nvt/gb_CESA-2009_1201_java_centos5_i386.nasl
Date : 2010-05-28
Name : Java for Mac OS X 10.5 Update 5
File : nvt/macosx_java_for_10_5_upd_5.nasl
Date : 2009-11-23
Name : Gentoo Security Advisory GLSA 200911-02 (sun-jre-bin sun-jdk emul-linux-x86-j...
File : nvt/glsa_200911_02.nasl
Date : 2009-11-17
Name : RedHat Security Advisory RHSA-2009:1582
File : nvt/RHSA_2009_1582.nasl
Date : 2009-11-11
Name : SLES11: Security update for IBM Java 1.6.0
File : nvt/sles11_java-1_6_0-ibm1.nasl
Date : 2009-10-19
Name : SuSE Security Summary SUSE-SR:2009:016
File : nvt/suse_sr_2009_016.nasl
Date : 2009-09-02
Name : RedHat Security Advisory RHSA-2009:1236
File : nvt/RHSA_2009_1236.nasl
Date : 2009-09-02
Name : Mandrake Security Advisory MDVSA-2009:209 (java-1.6.0-openjdk)
File : nvt/mdksa_2009_209.nasl
Date : 2009-08-20
Name : Sun Java JDK/JRE Multiple Vulnerabilities - Aug09
File : nvt/gb_sun_java_jre_mult_vuln_aug09.nasl
Date : 2009-08-17
Name : CentOS Security Advisory CESA-2009:1201 (java-1.6.0-openjdk)
File : nvt/ovcesa2009_1201.nasl
Date : 2009-08-17
Name : Fedora Core 11 FEDORA-2009-8329 (java-1.6.0-openjdk)
File : nvt/fcore_2009_8329.nasl
Date : 2009-08-17
Name : Fedora Core 10 FEDORA-2009-8337 (java-1.6.0-openjdk)
File : nvt/fcore_2009_8337.nasl
Date : 2009-08-17
Name : RedHat Security Advisory RHSA-2009:1199
File : nvt/RHSA_2009_1199.nasl
Date : 2009-08-17
Name : RedHat Security Advisory RHSA-2009:1200
File : nvt/RHSA_2009_1200.nasl
Date : 2009-08-17
Name : RedHat Security Advisory RHSA-2009:1201
File : nvt/RHSA_2009_1201.nasl
Date : 2009-08-17
Name : Ubuntu USN-814-1 (openjdk-6)
File : nvt/ubuntu_814_1.nasl
Date : 2009-08-17
Name : SuSE Security Advisory SUSE-SA:2009:043 (java-1_5_0-sun,java-1_6_0-sun)
File : nvt/suse_sa_2009_043.nasl

Open Source Vulnerability Database (OSVDB)

id : 56785
Description : Sun Java JDK / JRE Proxy Mechanism Implementation Arbitrary Host Connection

Nessus® Vulnerability Scanner

Date : 2013-07-12
Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1201.nasl - Type : ACT_GATHER_INFO
Date : 2013-02-22
Name : The remote Unix host contains a runtime environment that is affected by multi...
File : sun_java_jre_263408_unix.nasl - Type : ACT_GATHER_INFO
Date : 2012-08-01
Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090806_java_1_6_0_openjdk_on_SL5_3.nasl - Type : ACT_GATHER_INFO
Date : 2012-08-01
Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090824_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
Date : 2011-04-23
Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1662.nasl - Type : ACT_GATHER_INFO
Date : 2010-03-31
Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0002.nasl - Type : ACT_GATHER_INFO
Date : 2010-01-15
Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0043.nasl - Type : ACT_GATHER_INFO
Date : 2010-01-06
Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1201.nasl - Type : ACT_GATHER_INFO
Date : 2009-11-23
Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO
Date : 2009-11-18
Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO
Date : 2009-11-13
Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1582.nasl - Type : ACT_GATHER_INFO
Date : 2009-11-05
Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-091102.nasl - Type : ACT_GATHER_INFO
Date : 2009-10-06
Name : The remote SuSE system is missing the security patch java-1_5_0-sun-6396
File : suse_java-1_5_0-sun-6396.nasl - Type : ACT_GATHER_INFO
Date : 2009-10-06
Name : The remote SuSE system is missing the security patch java-1_6_0-sun-6395
File : suse_java-1_6_0-sun-6395.nasl - Type : ACT_GATHER_INFO
Date : 2009-09-25
Name : The remote SuSE system is missing a security patch for java-1_6_0-openjdk
File : suse_11_1_java-1_6_0-openjdk-090922.nasl - Type : ACT_GATHER_INFO
Date : 2009-09-25
Name : The remote SuSE system is missing a security patch for java-1_6_0-openjdk
File : suse_11_0_java-1_6_0-openjdk-090920.nasl - Type : ACT_GATHER_INFO
Date : 2009-09-24
Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO
Date : 2009-09-03
Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update5.nasl - Type : ACT_GATHER_INFO
Date : 2009-08-31
Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1236.nasl - Type : ACT_GATHER_INFO
Date : 2009-08-24
Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1199.nasl - Type : ACT_GATHER_INFO
Date : 2009-08-24
Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1200.nasl - Type : ACT_GATHER_INFO
Date : 2009-08-24
Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-209.nasl - Type : ACT_GATHER_INFO
Date : 2009-08-11
Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-814-1.nasl - Type : ACT_GATHER_INFO
Date : 2009-08-10
Name : The remote SuSE system is missing a security patch for java-1_5_0-sun
File : suse_11_1_java-1_5_0-sun-090806.nasl - Type : ACT_GATHER_INFO
Date : 2009-08-10
Name : The remote SuSE system is missing a security patch for java-1_6_0-sun
File : suse_11_1_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO
Date : 2009-08-10
Name : The remote SuSE system is missing a security patch for java-1_5_0-sun
File : suse_11_0_java-1_5_0-sun-090806.nasl - Type : ACT_GATHER_INFO
Date : 2009-08-10
Name : The remote SuSE system is missing a security patch for java-1_6_0-sun
File : suse_11_0_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO
Date : 2009-08-10
Name : The remote Fedora host is missing a security update.
File : fedora_2009-8337.nasl - Type : ACT_GATHER_INFO
Date : 2009-08-07
Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1201.nasl - Type : ACT_GATHER_INFO
Date : 2009-08-07
Name : The remote Fedora host is missing a security update.
File : fedora_2009-8329.nasl - Type : ACT_GATHER_INFO
Date : 2009-08-05
Name : The remote Windows host contains a runtime environment that is affected by mu...
File : sun_java_jre_263408.nasl - Type : ACT_GATHER_INFO
Date : 2007-10-12
Name : The remote host is missing Sun Security Patch number 125136-75
File : solaris10_125136.nasl - Type : ACT_GATHER_INFO
Date : 2007-10-12
Name : The remote host is missing Sun Security Patch number 125136-75
File : solaris8_125136.nasl - Type : ACT_GATHER_INFO
Date : 2007-10-12
Name : The remote host is missing Sun Security Patch number 125136-75
File : solaris9_125136.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

Source : Url
APPLE : http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
BID : http://www.securityfocus.com/bid/35943
BUGTRAQ : http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
CERT : http://www.us-cert.gov/cas/techalerts/TA09-294A.html
CONFIRM : http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20
CONFIRM : http://java.sun.com/javase/6/webnotes/6u15.html
CONFIRM : http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
CONFIRM : http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
CONFIRM : http://www.vmware.com/security/advisories/VMSA-2009-0016.html
FEDORA : https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310....
FEDORA : https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325....
GENTOO : http://security.gentoo.org/glsa/glsa-200911-02.xml
HP : http://marc.info/?l=bugtraq&m=125787273209737&w=2
MANDRIVA : http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
OSVDB : http://osvdb.org/56785
REDHAT : https://rhn.redhat.com/errata/RHSA-2009-1199.html
REDHAT : https://rhn.redhat.com/errata/RHSA-2009-1200.html
REDHAT : https://rhn.redhat.com/errata/RHSA-2009-1201.html
SECTRACK : http://www.securitytracker.com/id?1022659
SECUNIA : http://secunia.com/advisories/36162
SECUNIA : http://secunia.com/advisories/36176
SECUNIA : http://secunia.com/advisories/36180
SECUNIA : http://secunia.com/advisories/36199
SECUNIA : http://secunia.com/advisories/36248
SECUNIA : http://secunia.com/advisories/37300
SECUNIA : http://secunia.com/advisories/37386
SECUNIA : http://secunia.com/advisories/37460
SUNALERT : http://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1
SUSE : http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
SUSE : http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
SUSE : http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
VUPEN : http://www.vupen.com/english/advisories/2009/2543
VUPEN : http://www.vupen.com/english/advisories/2009/3316
XF : http://xforce.iss.net/xforce/xfdb/52338

Alert History

Date : 2014-02-17 10:51:00
Information : Multiple Updates
Date : 2013-05-10 23:55:05
Information : Multiple Updates