CVE-2009-2670

Description

The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.

References

Link	Tags
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8022	vdb entry signature
https://rhn.redhat.com/errata/RHSA-2009-1200.html	vendor advisory
https://rhn.redhat.com/errata/RHSA-2009-1199.html	vendor advisory
http://secunia.com/advisories/36162	third party advisory
http://www.vupen.com/english/advisories/2009/2543	vdb entry
http://secunia.com/advisories/37460	third party advisory
http://security.gentoo.org/glsa/glsa-200911-02.xml	vendor advisory
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://marc.info/?l=bugtraq&m=125787273209737&w=2	vendor advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263408-1	patch vendor advisory
http://secunia.com/advisories/36199	third party advisory
http://secunia.com/advisories/36248	third party advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209	vendor advisory
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html	vendor advisory
http://osvdb.org/56788	vdb entry
http://www.securitytracker.com/id?1022658	vdb entry
http://java.sun.com/javase/6/webnotes/6u15.html
http://www.securityfocus.com/archive/1/507985/100/0/threaded	mailing list
http://www.us-cert.gov/cas/techalerts/TA09-294A.html	third party advisory us government resource
http://secunia.com/advisories/36180	third party advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1	patch
http://secunia.com/advisories/36176	third party advisory
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html	vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11326	vdb entry signature
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html	vendor advisory
http://secunia.com/advisories/37300	third party advisory
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html	vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html	vendor advisory
https://rhn.redhat.com/errata/RHSA-2009-1201.html	vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html	vendor advisory
http://secunia.com/advisories/37386	third party advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/52306	vdb entry
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20
http://www.vupen.com/english/advisories/2009/3316	vdb entry
http://www.securityfocus.com/bid/35939	vdb entry

Frequently Asked Questions

What is the severity of CVE-2009-2670?: CVE-2009-2670 has been scored as a medium severity vulnerability.
How to fix CVE-2009-2670?: To fix CVE-2009-2670, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2009-2670 being actively exploited in the wild?: It is possible that CVE-2009-2670 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~4% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-264 – Permissions, Privileges, and Access Controls

References

Frequently Asked Questions