The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N
Vendors Products
Sun
  • Jdk
  • Jre

Configuration 1 [-]

OR cpe:2.3:a:sun:jdk:*:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:6:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:6:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:6:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:6:update_9:*:*:*:*:*:*
cpe:2.3:a:sun:jre:*:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*
cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:6:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:6:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:6:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:6:update_9:*:*:*:*:*:*
References
Link Resource
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20
http://java.sun.com/javase/6/webnotes/6u15.html
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
http://marc.info/?l=bugtraq&m=125787273209737&w=2
http://secunia.com/advisories/36162
http://secunia.com/advisories/36176
http://secunia.com/advisories/36180
http://secunia.com/advisories/36199
http://secunia.com/advisories/36248
http://secunia.com/advisories/37300
http://secunia.com/advisories/37386
http://secunia.com/advisories/37460
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1 Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1 Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/35943
http://www.securitytracker.com/id?1022659
http://www.us-cert.gov/cas/techalerts/TA09-294A.html US Government Resource
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/2543
http://www.vupen.com/english/advisories/2009/3316
https://exchange.xforce.ibmcloud.com/vulnerabilities/52336
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11115
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8259
https://rhn.redhat.com/errata/RHSA-2009-1199.html
https://rhn.redhat.com/errata/RHSA-2009-1200.html
https://rhn.redhat.com/errata/RHSA-2009-1201.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-08-05T19:00:00

Updated: 2018-10-10T18:57:01

Reserved: 2009-08-05T00:00:00

Link: CVE-2009-2671

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2009-08-05T19:30:01.187

Modified: 2018-10-10T19:41:14.763

Link: CVE-2009-2671

JSON object: View

cve-icon Redhat Information

No data.

CWE