PT-2009-5065 · Sun+3 · Sun Java Runtime Environment+3

Published

2009-08-05

·

Updated

2018-10-10

·

CVE-2009-2670

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Sun Java Runtime Environment (JRE) versions 5.0 through 5.0 Update 19 Sun Java Runtime Environment (JRE) versions 6 through 6 Update 14
Description The issue allows context-dependent attackers to obtain sensitive information by reading java.lang.System properties. This is possible because the audio system in the affected JRE versions does not prevent access to these properties by untrusted applets and Java Web Start applications.
Recommendations For Sun Java Runtime Environment (JRE) versions 5.0 through 5.0 Update 19, update to version 5.0 Update 20 or later. For Sun Java Runtime Environment (JRE) versions 6 through 6 Update 14, update to version 6 Update 15 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2009-2670
HPSBUX02476
RHSA-2009:1199
RHSA-2009:1200
RHSA-2009:1201
RHSA-2009:1236
RHSA-2009:1582
RHSA-2009:1662
RHSA-2009_1201
RHSA-2010:0043

Affected Products

Hp-Ux
Java Platform
Red Hat
Sun Java Runtime Environment