Vulnerability Details : CVE-2009-2670
The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.
Exploit prediction scoring system (EPSS) score for CVE-2009-2670
Probability of exploitation activity in the next 30 days: 1.01%
Percentile, the proportion of vulnerabilities that are scored at or less: ~82%
CVSS scores for CVE-2009-2670
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST |
CWE ids for CVE-2009-2670
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-2670
- http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
- http://marc.info/?l=bugtraq&m=125787273209737&w=2
  '[security bulletin] HPSBUX02476 SSRT090250 rev.1 - HP-UX Running Java, Remote Increase in Privilege,' - MARC
- http://www.securitytracker.com/id?1022658
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11326
- http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
- http://www.vupen.com/english/advisories/2009/2543
- http://java.sun.com/javase/6/webnotes/6u15.html
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
  VMSA-2009-0016.6
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
- http://www.vupen.com/english/advisories/2009/3316
- https://rhn.redhat.com/errata/RHSA-2009-1199.html
  RHSA-2009:1199 - Security Advisory - Red Hat Customer Portal
- http://www.us-cert.gov/cas/techalerts/TA09-294A.html
  Oracle Updates for Multiple Vulnerabilities | CISA; US Government Resource
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-263408-1
  Patch; Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8022
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2009:016 - openSUSE Security Announce - openSUSE Mailing Lists
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
  [SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-20.b16.fc10
- https://rhn.redhat.com/errata/RHSA-2009-1201.html
  RHSA-2009:1201 - Security Advisory - Red Hat Customer Portal
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
  [SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-27.b16.fc11
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
  [security-announce] SUSE Security Announcement: IBM Java 6 (SUSE-SA:2009:053) - openSUSE Security Announce - openSUSE Mailing Lists
- http://www.securityfocus.com/bid/35939
- https://rhn.redhat.com/errata/RHSA-2009-1200.html
  RHSA-2009:1200 - Security Advisory - Red Hat Customer Portal
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52306
Products affected by CVE-2009-2670
- cpe:2.3:a:sun:jdk:*:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_9:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_17:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:5.0:update_16:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:6:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:*:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_9:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_11:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_12:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_16:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_17:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:6:update_10:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:5.0:update_19:*:*:*:*:*:*