CVE-2009-2671

Sun Java Runtime Environment <6 - Info Disclosure

Title source: llm
STIX 2.1

Description

The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.

References (35)

Core 35
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1200.html
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1199.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/52336
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=125787273209737&w=2
Various Sources x_refsource_confirm
http://java.sun.com/javase/6/webnotes/6u15.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11115
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36162
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2543
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37460
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200911-02.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36199
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36248
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507985/100/0/threaded
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-294A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35943
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36180
Patch, Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36176
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022659
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37300
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1201.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37386
Various Sources x_refsource_confirm
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3316
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8259

Scores

EPSS 0.1118
EPSS Percentile 93.6%

Details

Status published
Products (5)
sun/jdk 5.0 update_1 (17 CPE variants)
sun/jdk 6 update_1 (12 CPE variants)
sun/jdk < 6
sun/jre 5.0 update_1 (18 CPE variants)
sun/jre 6 update_1 (2 CPE variants)
Published Aug 05, 2009
Tracked Since Feb 18, 2026