You are here

CVE-2009-2671

Vincent (CVE) Danen's picture
The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.

Details Source

Mitre

Public Date

2009-08-05 00:00:00

Impact

Important

Bugzilla

CVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks (6801071)

Bugzilla ID

512 907

CVSS Status

verified

Base Score

4.30

Base Metrics

AV:N/AC:M/Au:N/C:P/I:N/A:N

Red Hat Security Errata

Platform Errata Release Date
Red Hat Satellite 5.3 (RHEL v.5) (java-1.6.0-ibm) RHSA-2010:0043 2010-01-14
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) RHSA-2009:1582 2009-11-12
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-sun) RHSA-2009:1200 2009-08-06
Red Hat Enterprise Linux AS version 4 Extras (java-1.5.0-sun) RHSA-2009:1199 2009-08-06
Red Hat Enterprise Linux Supplementary 5 (java-1.5.0-ibm) RHSA-2009:1236 2009-08-28
Red Hat Enterprise Linux AS version 4 Extras (java-1.5.0-ibm) RHSA-2009:1236 2009-08-28
Red Hat Enterprise Linux 5 (java-1.6.0-openjdk) RHSA-2009:1201 2009-08-06
Red Hat Satellite 5.1 (RHEL v.4 AS) (java-1.5.0-sun) RHSA-2009:1662 2009-12-11
Red Hat Satellite 5.3 (RHEL v.4) (java-1.6.0-ibm) RHSA-2010:0043 2010-01-14
Red Hat Enterprise Linux Supplementary 5 (java-1.5.0-sun) RHSA-2009:1199 2009-08-06
Red Hat Enterprise Linux AS version 4 Extras (java-1.6.0-ibm) RHSA-2009:1582 2009-11-12
Red Hat Enterprise Linux AS version 4 Extras (java-1.6.0-sun) RHSA-2009:1200 2009-08-06