CVE-2009-2670

Sun Java Runtime Environment <6 - Info Disclosure

Title source: llm
STIX 2.1

Description

The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.

References (36)

Core 36
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1200.html
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1199.html
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1201.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/52306
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8022
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36162
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2543
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37460
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200911-02.xml
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=125787273209737&w=2
Patch, Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263408-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36199
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36248
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/56788
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022658
Various Sources x_refsource_confirm
http://java.sun.com/javase/6/webnotes/6u15.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507985/100/0/threaded
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-294A.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36180
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36176
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11326
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37300
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37386
Various Sources x_refsource_confirm
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3316
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35939

Scores

EPSS 0.0365
EPSS Percentile 88.0%

Details

CWE
CWE-264
Status published
Products (5)
sun/jdk 5.0 update_1 (17 CPE variants)
sun/jdk 6 update_1 (12 CPE variants)
sun/jdk < 6
sun/jre 5.0 update_1 (18 CPE variants)
sun/jre 6 update_1 (2 CPE variants)
Published Aug 05, 2009
Tracked Since Feb 18, 2026