CVE-2009-2673

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.

Affected Software

Name	Vendor	Start Version	End Version
Jdk	Sun	*	6 (including)
Jdk	Sun	5.0-update_1 (including)	5.0-update_1 (including)
Jdk	Sun	5.0-update_10 (including)	5.0-update_10 (including)
Jdk	Sun	5.0-update_11 (including)	5.0-update_11 (including)
Jdk	Sun	5.0-update_12 (including)	5.0-update_12 (including)
Jdk	Sun	5.0-update_13 (including)	5.0-update_13 (including)
Jdk	Sun	5.0-update_14 (including)	5.0-update_14 (including)
Jdk	Sun	5.0-update_15 (including)	5.0-update_15 (including)
Jdk	Sun	5.0-update_16 (including)	5.0-update_16 (including)
Jdk	Sun	5.0-update_17 (including)	5.0-update_17 (including)
Jdk	Sun	5.0-update_2 (including)	5.0-update_2 (including)
Jdk	Sun	5.0-update_3 (including)	5.0-update_3 (including)
Jdk	Sun	5.0-update_4 (including)	5.0-update_4 (including)
Jdk	Sun	5.0-update_5 (including)	5.0-update_5 (including)
Jdk	Sun	5.0-update_6 (including)	5.0-update_6 (including)
Jdk	Sun	5.0-update_7 (including)	5.0-update_7 (including)
Jdk	Sun	5.0-update_8 (including)	5.0-update_8 (including)
Jdk	Sun	5.0-update_9 (including)	5.0-update_9 (including)
Jdk	Sun	6-update_1 (including)	6-update_1 (including)
Jdk	Sun	6-update_10 (including)	6-update_10 (including)
Jdk	Sun	6-update_11 (including)	6-update_11 (including)
Jdk	Sun	6-update_12 (including)	6-update_12 (including)
Jdk	Sun	6-update_2 (including)	6-update_2 (including)
Jdk	Sun	6-update_3 (including)	6-update_3 (including)
Jdk	Sun	6-update_4 (including)	6-update_4 (including)
Jdk	Sun	6-update_5 (including)	6-update_5 (including)
Jdk	Sun	6-update_6 (including)	6-update_6 (including)
Jdk	Sun	6-update_7 (including)	6-update_7 (including)
Jdk	Sun	6-update_8 (including)	6-update_8 (including)
Jdk	Sun	6-update_9 (including)	6-update_9 (including)
Jre	Sun	*	6 (including)
Jre	Sun	5.0-update_1 (including)	5.0-update_1 (including)
Jre	Sun	5.0-update_10 (including)	5.0-update_10 (including)
Jre	Sun	5.0-update_11 (including)	5.0-update_11 (including)
Jre	Sun	5.0-update_12 (including)	5.0-update_12 (including)
Jre	Sun	5.0-update_13 (including)	5.0-update_13 (including)
Jre	Sun	5.0-update_14 (including)	5.0-update_14 (including)
Jre	Sun	5.0-update_15 (including)	5.0-update_15 (including)
Jre	Sun	5.0-update_16 (including)	5.0-update_16 (including)
Jre	Sun	5.0-update_17 (including)	5.0-update_17 (including)
Jre	Sun	5.0-update_19 (including)	5.0-update_19 (including)
Jre	Sun	5.0-update_2 (including)	5.0-update_2 (including)
Jre	Sun	5.0-update_3 (including)	5.0-update_3 (including)
Jre	Sun	5.0-update_4 (including)	5.0-update_4 (including)
Jre	Sun	5.0-update_5 (including)	5.0-update_5 (including)
Jre	Sun	5.0-update_6 (including)	5.0-update_6 (including)
Jre	Sun	5.0-update_7 (including)	5.0-update_7 (including)
Jre	Sun	5.0-update_8 (including)	5.0-update_8 (including)
Jre	Sun	5.0-update_9 (including)	5.0-update_9 (including)
Jre	Sun	6-update_1 (including)	6-update_1 (including)
Jre	Sun	6-update_10 (including)	6-update_10 (including)
Jre	Sun	6-update_11 (including)	6-update_11 (including)
Jre	Sun	6-update_12 (including)	6-update_12 (including)
Jre	Sun	6-update_2 (including)	6-update_2 (including)
Jre	Sun	6-update_3 (including)	6-update_3 (including)
Jre	Sun	6-update_4 (including)	6-update_4 (including)
Jre	Sun	6-update_5 (including)	6-update_5 (including)
Jre	Sun	6-update_6 (including)	6-update_6 (including)
Jre	Sun	6-update_7 (including)	6-update_7 (including)
Jre	Sun	6-update_8 (including)	6-update_8 (including)
Jre	Sun	6-update_9 (including)	6-update_9 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-2673
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References