CVE-2009-2689

Currently unrated

Key Information:

Vendor: Oracle
Status: Java Se; Openjdk
Vendor: CVE Published:; 10 August 2009

Summary

JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application.

References

https://rhn.redhat.com/errata/RHSA-2009-1199.html

vendor-advisoryx_refsource_REDHAT

http://secunia.com/advisories/36162

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2009/2543

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Aug 10, 2009
Vulnerability Reserved
Aug 5, 2009