QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2009-2475

Back to search

CVE-2009-2475

Published: Aug 10, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673.

VendorProductVersions

n/a

n/a

affected
n/a

References

RHSA-2009:1200
vendor-advisory
x_refsource_REDHAT
RHSA-2009:1199
vendor-advisory
x_refsource_REDHAT
36162
third-party-advisory
x_refsource_SECUNIA
ADV-2009-2543
vdb-entry
x_refsource_VUPEN
GLSA-200911-02
vendor-advisory
x_refsource_GENTOO
36199
third-party-advisory
x_refsource_SECUNIA
MDVSA-2009:209
vendor-advisory
x_refsource_MANDRIVA
FEDORA-2009-8329
vendor-advisory
x_refsource_FEDORA
36180
third-party-advisory
x_refsource_SECUNIA
36176
third-party-advisory
x_refsource_SECUNIA
FEDORA-2009-8337
vendor-advisory
x_refsource_FEDORA
SUSE-SR:2009:016
vendor-advisory
x_refsource_SUSE
oval:org.mitre.oval:def:10221
vdb-entry
signature
x_refsource_OVAL
APPLE-SA-2009-09-03-1
vendor-advisory
x_refsource_APPLE
RHSA-2009:1201
vendor-advisory
x_refsource_REDHAT
37386
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now
CVE-2009-2475 - Security Vulnerability | QwikSec