Vulnerability Description
The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Jdk | <= 6 |
| Sun | Jre | <= 6 |
Related Weaknesses (CWE)
References
- http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20
- http://java.sun.com/javase/6/webnotes/6u15.html
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
- http://marc.info/?l=bugtraq&m=125787273209737&w=2
- http://osvdb.org/56788
- http://secunia.com/advisories/36162
- http://secunia.com/advisories/36176
- http://secunia.com/advisories/36180
- http://secunia.com/advisories/36199
- http://secunia.com/advisories/36248
- http://secunia.com/advisories/37300
- http://secunia.com/advisories/37386
FAQ
What is CVE-2009-2670?
CVE-2009-2670 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted ...
How severe is CVE-2009-2670?
CVE-2009-2670 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2670?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Jdk, Sun Jre.