CVE-2009-2670

high

Description

The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.

References

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html

https://rhn.redhat.com/errata/RHSA-2009-1201.html

https://rhn.redhat.com/errata/RHSA-2009-1200.html

https://rhn.redhat.com/errata/RHSA-2009-1199.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8022

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11326

https://exchange.xforce.ibmcloud.com/vulnerabilities/52306

http://www.vupen.com/english/advisories/2009/3316

http://www.vupen.com/english/advisories/2009/2543

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.us-cert.gov/cas/techalerts/TA09-294A.html

http://www.securitytracker.com/id?1022658

http://www.securityfocus.com/bid/35939

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html

http://www.mandriva.com/security/advisories?name=MDVSA-2009:209

http://sunsolve.sun.com/search/document.do?assetkey=1-66-263408-1

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://secunia.com/advisories/37460

http://secunia.com/advisories/37386

http://secunia.com/advisories/37300

http://secunia.com/advisories/36248

http://secunia.com/advisories/36199

http://secunia.com/advisories/36180

http://secunia.com/advisories/36176

http://secunia.com/advisories/36162

http://osvdb.org/56788

http://marc.info/?l=bugtraq&m=125787273209737&w=2

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html

http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html

http://java.sun.com/javase/6/webnotes/6u15.html

http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20

Details

Source: Mitre, NVD

Published: 2009-08-05

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High