CVE-2009-2475

Name of the Vulnerable Software and Affected Versions Sun Java SE versions 5.0 through 5.0 Update 19 Sun Java SE versions 6 through 6 Update 14 OpenJDK (affected versions not specified)

Description The issue allows context-dependent attackers to obtain sensitive information via various vectors, including static variables declared without the final keyword. These vectors involve multiple components such as LayoutQueue, Cursor.predefined, AccessibleResourceBundle.getContents, ImageReaderSpi.STANDARD INPUT TYPE, ImageWriterSpi.STANDARD OUTPUT TYPE, imageio plugins, DnsContext.debug, RmfFileReader/StandardMidiFileWriter.types, AbstractSaslImpl.logger, Synth.Region.uiToRegionMap/lowerCaseNameMap, the Introspector class, and a cache of BeanInfo, as well as JAX-WS.

Recommendations For Sun Java SE versions 5.0 through 5.0 Update 19, update to version 5.0 Update 20 or later. For Sun Java SE versions 6 through 6 Update 14, update to version 6 Update 15 or later. For OpenJDK, at the moment, there is no information about a newer version that contains a fix for this vulnerability.