Vulnerability Description
The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Jdk | <= 6 |
| Sun | Jre | <= 6 |
References
- http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20
- http://java.sun.com/javase/6/webnotes/6u15.html
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
- http://marc.info/?l=bugtraq&m=125787273209737&w=2
- http://secunia.com/advisories/36162
- http://secunia.com/advisories/36176
- http://secunia.com/advisories/36180
- http://secunia.com/advisories/36199
- http://secunia.com/advisories/36248
- http://secunia.com/advisories/37300
- http://secunia.com/advisories/37386
- http://secunia.com/advisories/37460
FAQ
What is CVE-2009-2671?
CVE-2009-2671 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the ac...
How severe is CVE-2009-2671?
CVE-2009-2671 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2671?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Jdk, Sun Jre.