PT-2009-5065 · Sun+3 · Sun Java Runtime Environment+3

Publicado

2009-08-05

·

Atualizado

2018-10-10

·

CVE-2009-2670

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Sun Java Runtime Environment (JRE) versions 5.0 through 5.0 Update 19 Sun Java Runtime Environment (JRE) versions 6 through 6 Update 14
Description The issue allows context-dependent attackers to obtain sensitive information by reading java.lang.System properties. This is possible because the audio system in the affected JRE versions does not prevent access to these properties by untrusted applets and Java Web Start applications.
Recommendations For Sun Java Runtime Environment (JRE) versions 5.0 through 5.0 Update 19, update to version 5.0 Update 20 or later. For Sun Java Runtime Environment (JRE) versions 6 through 6 Update 14, update to version 6 Update 15 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2009-2670
HPSBUX02476
RHSA-2009:1199
RHSA-2009:1200
RHSA-2009:1201
RHSA-2009:1236
RHSA-2009:1582
RHSA-2009:1662
RHSA-2009_1201
RHSA-2010:0043

Produtos afetados

Hp-Ux
Java Platform
Red Hat
Sun Java Runtime Environment