CVE-2009-2689
Summary
| CVE | CVE-2009-2689 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-08-10 18:30:00 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:L/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 513222 – (CVE-2009-2689) CVE-2009-2689 OpenJDK JDK13Services grants unnecessary privileges (6777448) | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | |
| rhn.redhat.com | Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | |
| #118667-22: JavaSE 5.0: update 20 patch (equivalent to JDK 5.0u20), 64bit | af854a3a-2127-422b-91ae-364da2661108 | sunsolve.sun.com | Patch |
| [SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-27.b16.fc11 | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | |
| Java SE 6 Update 15 Release Notes. | af854a3a-2127-422b-91ae-364da2661108 | java.sun.com | |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| JDK 5.0u22 Release Notes | af854a3a-2127-422b-91ae-364da2661108 | java.sun.com | Patch |
| rhn.redhat.com | Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | |
| Fedora update for java-1.6.0-openjdk - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| #125139-16: Obsoleted by: 125139-17 JavaSE for business 6_x86: update 15 patch (equivalent to JDK 6u15), 64bit | af854a3a-2127-422b-91ae-364da2661108 | sunsolve.sun.com | Patch |
| [SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-20.b16.fc10 | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | |
| APPLE-SA-2009-09-03-1 Java for Mac OS X 10.5 Update 5 | af854a3a-2127-422b-91ae-364da2661108 | lists.apple.com | |
| Advisories | Mandriva | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | |
| Gentoo Linux Documentation -- Sun JDK/JRE: Multiple vulnerabilites | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | |
| Gentoo updates for sun-jre-bin, sun-jdk, blackdown-jre, blackdown-jdk, and emul-linux-x86-java - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2009:016 | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| Red Hat update for java-1.6.0-openjdk - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Red Hat update for java-1.5.0-sun - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.