7.5

CVE-2009-2672

EPSS 12.99%
Veröffentlicht 05.08.2009 19:30:01
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 34

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sun ≫ Jdk Updateupdate_13 Version <= 6

Sun ≫ Jdk Version5.0 Updateupdate_1

Sun ≫ Jdk Version5.0 Updateupdate_10

Sun ≫ Jdk Version5.0 Updateupdate_11

Sun ≫ Jdk Version5.0 Updateupdate_12

Sun ≫ Jdk Version5.0 Updateupdate_13

Sun ≫ Jdk Version5.0 Updateupdate_14

Sun ≫ Jdk Version5.0 Updateupdate_15

Sun ≫ Jdk Version5.0 Updateupdate_16

Sun ≫ Jdk Version5.0 Updateupdate_17

Sun ≫ Jdk Version5.0 Updateupdate_2

Sun ≫ Jdk Version5.0 Updateupdate_3

Sun ≫ Jdk Version5.0 Updateupdate_4

Sun ≫ Jdk Version5.0 Updateupdate_5

Sun ≫ Jdk Version5.0 Updateupdate_6

Sun ≫ Jdk Version5.0 Updateupdate_7

Sun ≫ Jdk Version5.0 Updateupdate_8

Sun ≫ Jdk Version5.0 Updateupdate_9

Sun ≫ Jdk Version6 Updateupdate_1

Sun ≫ Jdk Version6 Updateupdate_10

Sun ≫ Jdk Version6 Updateupdate_11

Sun ≫ Jdk Version6 Updateupdate_12

Sun ≫ Jdk Version6 Updateupdate_2

Sun ≫ Jdk Version6 Updateupdate_3

Sun ≫ Jdk Version6 Updateupdate_4

Sun ≫ Jdk Version6 Updateupdate_5

Sun ≫ Jdk Version6 Updateupdate_6

Sun ≫ Jdk Version6 Updateupdate_7

Sun ≫ Jdk Version6 Updateupdate_8

Sun ≫ Jdk Version6 Updateupdate_9

Sun ≫ Jre Updateupdate_13 Version <= 6

Sun ≫ Jre Version5.0 Updateupdate_1

Sun ≫ Jre Version5.0 Updateupdate_10

Sun ≫ Jre Version5.0 Updateupdate_11

Sun ≫ Jre Version5.0 Updateupdate_12

Sun ≫ Jre Version5.0 Updateupdate_13

Sun ≫ Jre Version5.0 Updateupdate_14

Sun ≫ Jre Version5.0 Updateupdate_15

Sun ≫ Jre Version5.0 Updateupdate_16

Sun ≫ Jre Version5.0 Updateupdate_17

Sun ≫ Jre Version5.0 Updateupdate_19

Sun ≫ Jre Version5.0 Updateupdate_2

Sun ≫ Jre Version5.0 Updateupdate_3

Sun ≫ Jre Version5.0 Updateupdate_4

Sun ≫ Jre Version5.0 Updateupdate_5

Sun ≫ Jre Version5.0 Updateupdate_6

Sun ≫ Jre Version5.0 Updateupdate_7

Sun ≫ Jre Version5.0 Updateupdate_8

Sun ≫ Jre Version5.0 Updateupdate_9

Sun ≫ Jre Version6 Updateupdate_1

Sun ≫ Jre Version6 Updateupdate_10

Sun ≫ Jre Version6 Updateupdate_11

Sun ≫ Jre Version6 Updateupdate_12

Sun ≫ Jre Version6 Updateupdate_2

Sun ≫ Jre Version6 Updateupdate_3

Sun ≫ Jre Version6 Updateupdate_4

Sun ≫ Jre Version6 Updateupdate_5

Sun ≫ Jre Version6 Updateupdate_6

Sun ≫ Jre Version6 Updateupdate_7

Sun ≫ Jre Version6 Updateupdate_8

Sun ≫ Jre Version6 Updateupdate_9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	12.99%	0.934

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2009/3316

http://secunia.com/advisories/37460

http://secunia.com/advisories/37386

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html

http://marc.info/?l=bugtraq&m=125787273209737&w=2

http://secunia.com/advisories/36176

http://secunia.com/advisories/36180

http://secunia.com/advisories/37300

http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1

Patch

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html

http://www.us-cert.gov/cas/techalerts/TA09-294A.html

US Government Resource

http://www.vupen.com/english/advisories/2009/2543

https://rhn.redhat.com/errata/RHSA-2009-1200.html

https://rhn.redhat.com/errata/RHSA-2009-1201.html

http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20

http://java.sun.com/javase/6/webnotes/6u15.html

http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html

http://secunia.com/advisories/36199

http://secunia.com/advisories/36248

https://rhn.redhat.com/errata/RHSA-2009-1199.html

http://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1

Patch

Vendor Advisory

http://www.securityfocus.com/bid/35943

http://www.securitytracker.com/id?1022659

https://exchange.xforce.ibmcloud.com/vulnerabilities/52337

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7723

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9359

https://nvd.nist.gov/vuln/detail/CVE-2009-2672

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2672

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2672

EUVD