PT-2009-5067 · Sun+3 · Sun Java Runtime Environment+3

Published

2009-08-05

Updated

2018-10-10

CVE-2009-2672

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Sun Java Runtime Environment (JRE) versions prior to 6 Update 15 Sun Java Runtime Environment (JRE) versions prior to 5.0 Update 20

Description The issue concerns the proxy mechanism implementation in the Sun Java Runtime Environment, which fails to restrict access to browser cookies. This allows remote attackers to hijack web sessions. The estimated number of potentially affected devices and details about real-world incidents are not specified.

Recommendations For versions prior to 6 Update 15, update to version 6 Update 15 or later to resolve the issue. For versions prior to 5.0 Update 20, update to version 5.0 Update 20 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2009-2672

HPSBUX02476

RHSA-2009:1199

RHSA-2009:1200

RHSA-2009:1201

RHSA-2009:1236

RHSA-2009:1582

RHSA-2009:1662

RHSA-2009_1201

RHSA-2010:0043

Affected Products

Hp-Ux

Java Platform

Red Hat

Sun Java Runtime Environment

PT-2009-5067 · Sun+3 · Sun Java Runtime Environment+3

CVE-2009-2672

Weakness Enumeration

Related Identifiers

Affected Products

References · 64