Information Disclosure Vulnerability in Sun Java SE and OpenJDK Products
CVE-2009-2475

Currently unrated

Key Information:

Vendor: Oracle
Status: Java Se; Openjdk
Vendor: CVE Published:; 10 August 2009

Summary

The vulnerability in Sun Java SE 5.0 and 6, as well as OpenJDK, allows context-dependent attackers to gain unauthorized access to sensitive information. This occurs through improper declaration of static variables without the final keyword, which can expose data through various application components including LayoutQueue, Cursor, and several image-related plugins. Effective mitigation requires updates to the affected Java versions to ensure that sensitive data remains protected.

References

https://rhn.redhat.com/errata/RHSA-2009-1200.html

vendor-advisoryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=513215

x_refsource_CONFIRM

https://rhn.redhat.com/errata/RHSA-2009-1199.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Aug 10, 2009
Vulnerability Reserved
Jul 15, 2009