Executive Summary
Summary | |
---|---|
Title | Sun Alert 263408 A Security Vulnerability in the Java Runtime Environment Audio System may Allow System Properties to be Accessed |
Informations | |||
---|---|---|---|
Name | SUN-263408 | First vendor Publication | 2009-08-04 |
Vendor | Sun | Last vendor Modification | 2010-01-21 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Java Platform, Standard Edition 6 (Java SE 6) A security vulnerability in the Java Runtime Environment audio systemmay allow an untrusted applet or Java Web Start application to access "java.lang.System" properties. Sun acknowledges, with thanks, Sami Koivu for bringing this issue toour attention. State: Resolved First released: 04-Aug-2009 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_263408_a_security |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11326 | |||
Oval ID: | oval:org.mitre.oval:def:11326 | ||
Title: | The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties. | ||
Description: | The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2670 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for java CESA-2009:1201 centos5 i386 File : nvt/gb_CESA-2009_1201_java_centos5_i386.nasl |
2010-05-28 | Name : Java for Mac OS X 10.5 Update 5 File : nvt/macosx_java_for_10_5_upd_5.nasl |
2009-11-17 | Name : RedHat Security Advisory RHSA-2009:1582 File : nvt/RHSA_2009_1582.nasl |
2009-11-11 | Name : SLES11: Security update for IBM Java 1.6.0 File : nvt/sles11_java-1_6_0-ibm1.nasl |
2009-10-19 | Name : SuSE Security Summary SUSE-SR:2009:016 File : nvt/suse_sr_2009_016.nasl |
2009-09-02 | Name : RedHat Security Advisory RHSA-2009:1236 File : nvt/RHSA_2009_1236.nasl |
2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:209 (java-1.6.0-openjdk) File : nvt/mdksa_2009_209.nasl |
2009-08-20 | Name : Sun Java JDK/JRE Multiple Vulnerabilities - Aug09 File : nvt/gb_sun_java_jre_mult_vuln_aug09.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1199 File : nvt/RHSA_2009_1199.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1200 File : nvt/RHSA_2009_1200.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1201 File : nvt/RHSA_2009_1201.nasl |
2009-08-17 | Name : Fedora Core 11 FEDORA-2009-8329 (java-1.6.0-openjdk) File : nvt/fcore_2009_8329.nasl |
2009-08-17 | Name : Fedora Core 10 FEDORA-2009-8337 (java-1.6.0-openjdk) File : nvt/fcore_2009_8337.nasl |
2009-08-17 | Name : CentOS Security Advisory CESA-2009:1201 (java-1.6.0-openjdk) File : nvt/ovcesa2009_1201.nasl |
2009-08-17 | Name : SuSE Security Advisory SUSE-SA:2009:043 (java-1_5_0-sun,java-1_6_0-sun) File : nvt/suse_sa_2009_043.nasl |
2009-08-17 | Name : Ubuntu USN-814-1 (openjdk-6) File : nvt/ubuntu_814_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
56788 | Sun Java JDK / JRE Audio System Unauthorized java.lang.System Properties Access |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0002_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1201.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host contains a runtime environment that is affected by multi... File : sun_java_jre_263408_unix.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090824_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090806_java_1_6_0_openjdk_on_SL5_3.nasl - Type : ACT_GATHER_INFO |
2011-04-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1662.nasl - Type : ACT_GATHER_INFO |
2010-03-31 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0002.nasl - Type : ACT_GATHER_INFO |
2010-01-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0043.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1201.nasl - Type : ACT_GATHER_INFO |
2009-11-23 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO |
2009-11-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO |
2009-11-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1582.nasl - Type : ACT_GATHER_INFO |
2009-11-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-091102.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_6_0-sun-6395.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-6396.nasl - Type : ACT_GATHER_INFO |
2009-09-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-090920.nasl - Type : ACT_GATHER_INFO |
2009-09-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-090922.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO |
2009-09-03 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update5.nasl - Type : ACT_GATHER_INFO |
2009-08-31 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1236.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-209.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1199.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1200.nasl - Type : ACT_GATHER_INFO |
2009-08-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-814-1.nasl - Type : ACT_GATHER_INFO |
2009-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8337.nasl - Type : ACT_GATHER_INFO |
2009-08-10 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_5_0-sun-090806.nasl - Type : ACT_GATHER_INFO |
2009-08-10 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO |
2009-08-10 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_5_0-sun-090806.nasl - Type : ACT_GATHER_INFO |
2009-08-10 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-090806.nasl - Type : ACT_GATHER_INFO |
2009-08-07 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8329.nasl - Type : ACT_GATHER_INFO |
2009-08-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1201.nasl - Type : ACT_GATHER_INFO |
2009-08-05 | Name : The remote Windows host contains a runtime environment that is affected by mu... File : sun_java_jre_263408.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris9_125136.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris8_125136.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125136-97 File : solaris10_125136.nasl - Type : ACT_GATHER_INFO |