CVE Vulnerabilities

CVE-2009-2690

Published: Aug 10, 2009 | Modified: Sep 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
4.3 LOW
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu

The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application.

Affected Software

Name Vendor Start Version End Version
Java_se Sun * 6
Openjdk Sun * *
Extras for RHEL 4 RedHat java-1.6.0-sun-1:1.6.0.15-1jpp.1.el4 *
Red Hat Enterprise Linux 5 RedHat java-1.6.0-openjdk-1:1.6.0.0-1.2.b09.el5 *
Supplementary for Red Hat Enterprise Linux 5 RedHat java-1.6.0-sun-1:1.6.0.15-1jpp.1.el5 *
Openjdk-6 Ubuntu hardy *
Openjdk-6 Ubuntu intrepid *
Openjdk-6 Ubuntu jaunty *
Openjdk-6 Ubuntu upstream *
Sun-java5 Ubuntu dapper *
Sun-java5 Ubuntu hardy *
Sun-java5 Ubuntu jaunty *
Sun-java6 Ubuntu hardy *
Sun-java6 Ubuntu jaunty *
Sun-java6 Ubuntu karmic *
Sun-java6 Ubuntu lucid *
Sun-java6 Ubuntu upstream *

References