CVE-2009-2475
Summary
| CVE | CVE-2009-2475 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-08-10 18:30:00 UTC |
| Updated | 2017-09-19 01:29:00 UTC |
| Description | Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Gentoo updates for sun-jre-bin, sun-jdk, blackdown-jre, blackdown-jdk, and emul-linux-x86-java - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| #125139-16: Obsoleted by: 125139-17 JavaSE for business 6_x86: update 15 patch (equivalent to JDK 6u15), 64bit | CONFIRM | sunsolve.sun.com | Patch |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2009:016 | SUSE | lists.opensuse.org | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Red Hat update for java-1.6.0-openjdk - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Red Hat update for java-1.5.0-sun - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| rhn.redhat.com | Red Hat Support | REDHAT | rhn.redhat.com | |
| Bug 513215 – CVE-2009-2475 OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167) | CONFIRM | bugzilla.redhat.com | |
| rhn.redhat.com | Red Hat Support | REDHAT | rhn.redhat.com | |
| Fedora update for java-1.6.0-openjdk - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Gentoo Linux Documentation -- Sun JDK/JRE: Multiple vulnerabilites | GENTOO | security.gentoo.org | |
| [SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-27.b16.fc11 | FEDORA | www.redhat.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| APPLE-SA-2009-09-03-1 Java for Mac OS X 10.5 Update 5 | APPLE | lists.apple.com | |
| Advisories | Mandriva | MANDRIVA | www.mandriva.com | |
| rhn.redhat.com | Red Hat Support | REDHAT | rhn.redhat.com | |
| #118667-22: JavaSE 5.0: update 20 patch (equivalent to JDK 5.0u20), 64bit | CONFIRM | sunsolve.sun.com | Patch, Vendor Advisory |
| Red Hat update for java-1.6.0-sun - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| JDK 5.0u22 Release Notes | CONFIRM | java.sun.com | Vendor Advisory |
| [SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-20.b16.fc10 | FEDORA | www.redhat.com | |
| Java SE 6 Update 15 Release Notes. | CONFIRM | java.sun.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.