Information Leak in Sun Java SE 6 and OpenJDK due to Encoder Flaw
CVE-2009-2690

Currently unrated

Key Information:

Vendor: Oracle
Status: Openjdk; Java Se
Vendor: CVE Published:; 10 August 2009

Summary

The encoder component in Sun Java SE 6 prior to Update 15 and OpenJDK has a flaw that unintentionally grants read access to private variables with unspecified names. This vulnerability can be exploited by attackers leveraging untrusted applets or applications to gain access to sensitive information, potentially leading to unauthorized data disclosure. Proper safeguards and updates are essential to mitigate this risk.

References

https://rhn.redhat.com/errata/RHSA-2009-1200.html

vendor-advisoryx_refsource_REDHAT

http://secunia.com/advisories/36162

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2009/2543

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Aug 10, 2009
Vulnerability Reserved
Aug 5, 2009