CVE-2009-2689 : JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileg

JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application.

Published 2009-08-10 18:30:00

Updated 2017-09-19 01:29:17

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2009-2689

Probability of exploitation activity in the next 30 days: 1.16%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 83 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-2689

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2009-2689

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-2689

http://java.sun.com/j2se/1.5.0/ReleaseNotes.html

Patch

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/2543

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
http://java.sun.com/javase/6/webnotes/6u15.html

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209

Page not found - Mandriva.com

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=513222
https://rhn.redhat.com/errata/RHSA-2009-1199.html

RHSA-2009:1199 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2009:016 - openSUSE Security Announce - openSUSE Mailing Lists

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1

Patch

CVEs referencing this url
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html

[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-20.b16.fc10

CVEs referencing this url
https://rhn.redhat.com/errata/RHSA-2009-1201.html

RHSA-2009:1201 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200911-02.xml

CVEs referencing this url
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html

[SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-27.b16.fc11

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9603
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1

Patch

CVEs referencing this url

Products affected by CVE-2009-2689

SUN » Openjdk
cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*
Matching versions
SUN » Java Se » Update 20
Versions up to, including, (<=) 5.0
cpe:2.3:a:sun:java_se:*:20:*:*:*:*:*:*
Matching versions
SUN » Java Se » Update 14
Versions up to, including, (<=) 6
cpe:2.3:a:sun:java_se:*:14:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2009-2689

Exploit prediction scoring system (EPSS) score for CVE-2009-2689

CVSS scores for CVE-2009-2689

CWE ids for CVE-2009-2689

References for CVE-2009-2689

Products affected by CVE-2009-2689