CVE-2009-2671

EUVD-2009-2664
The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
sunjdk
𝑥
≤ 6
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjdk
5.0
sunjre
𝑥
≤ 6
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
sunjre
5.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openjdk-6
dapper
dne
hardy
Fixed 6b18-1.8.2-4ubuntu1~8.04.1
released
intrepid
Fixed 6b12-0ubuntu6.5
released
jaunty
Fixed 6b14-1.4.1-0ubuntu11
released
karmic
not-affected
lucid
not-affected
maverick
not-affected
sun-java5
dapper
ignored
gutsy
ignored
hardy
not-affected
intrepid
ignored
jaunty
ignored
karmic
dne
lucid
dne
maverick
dne
sun-java6
dapper
dne
hardy
Fixed 6.20dlj-0ubuntu1.8.04
released
intrepid
ignored
jaunty
Fixed 6.20dlj-0ubuntu1.9.04
released
karmic
Fixed 6-15-1
released
lucid
Fixed 6-15-1
released
maverick
not-affected
References
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20
http://java.sun.com/javase/6/webnotes/6u15.html
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
http://marc.info/?l=bugtraq&m=125787273209737&w=2
http://secunia.com/advisories/36162
http://secunia.com/advisories/36176
http://secunia.com/advisories/36180
http://secunia.com/advisories/36199
http://secunia.com/advisories/36248
http://secunia.com/advisories/37300
http://secunia.com/advisories/37386
http://secunia.com/advisories/37460
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/35943
http://www.securitytracker.com/id?1022659
http://www.us-cert.gov/cas/techalerts/TA09-294A.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/2543
http://www.vupen.com/english/advisories/2009/3316
https://exchange.xforce.ibmcloud.com/vulnerabilities/52336
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11115
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8259
https://rhn.redhat.com/errata/RHSA-2009-1199.html
https://rhn.redhat.com/errata/RHSA-2009-1200.html
https://rhn.redhat.com/errata/RHSA-2009-1201.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20
http://java.sun.com/javase/6/webnotes/6u15.html
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
http://marc.info/?l=bugtraq&m=125787273209737&w=2
http://secunia.com/advisories/36162
http://secunia.com/advisories/36176
http://secunia.com/advisories/36180
http://secunia.com/advisories/36199
http://secunia.com/advisories/36248
http://secunia.com/advisories/37300
http://secunia.com/advisories/37386
http://secunia.com/advisories/37460
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/35943
http://www.securitytracker.com/id?1022659
http://www.us-cert.gov/cas/techalerts/TA09-294A.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/2543
http://www.vupen.com/english/advisories/2009/3316
https://exchange.xforce.ibmcloud.com/vulnerabilities/52336
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11115
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8259
https://rhn.redhat.com/errata/RHSA-2009-1199.html
https://rhn.redhat.com/errata/RHSA-2009-1200.html
https://rhn.redhat.com/errata/RHSA-2009-1201.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html