CVE-2009-2476

Currently unrated

Key Information:

Vendor: Oracle
Status: Openjdk; Java Se
Vendor: CVE Published:; 10 August 2009

Summary

The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object.

References

https://bugzilla.redhat.com/show_bug.cgi?id=513220

x_refsource_CONFIRM

https://rhn.redhat.com/errata/RHSA-2009-1200.html

vendor-advisoryx_refsource_REDHAT

http://secunia.com/advisories/36162

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Aug 10, 2009
Vulnerability Reserved
Jul 15, 2009