CVE-2009-2671 : The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and

The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.

Published 2009-08-05 19:30:01

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2009-2671

SUN » JDK » Update Update 13
Versions up to, including, (<=) 6
cpe:2.3:a:sun:jdk:*:update_13:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 1
cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 3
cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 3
cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 4
cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 5
cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 1
cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 10
cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 6
cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 7
cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 2
cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 13
cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 2
cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 11
cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 12
cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 8
cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 9
cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 6
cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 7
cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 8
cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 9
cpe:2.3:a:sun:jdk:6:update_9:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 15
cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 5
cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 4
cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 14
cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 17
cpe:2.3:a:sun:jdk:5.0:update_17:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 5.0 Update Update 16
cpe:2.3:a:sun:jdk:5.0:update_16:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 12
cpe:2.3:a:sun:jdk:6:update_12:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 11
cpe:2.3:a:sun:jdk:6:update_11:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 6 Update Update 10
cpe:2.3:a:sun:jdk:6:update_10:*:*:*:*:*:*
Matching versions
SUN » JRE » Update Update 13
Versions up to, including, (<=) 6
cpe:2.3:a:sun:jre:*:update_13:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 1
cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 1
cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 10
cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 6
cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 7
cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 2
cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 3
cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 11
cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 12
cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 4
cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 5
cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 8
cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 9
cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 13
cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 2
cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 3
cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 6
cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 7
cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 14
cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 4
cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 5
cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 8
cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 9
cpe:2.3:a:sun:jre:6:update_9:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 15
cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 11
cpe:2.3:a:sun:jre:6:update_11:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 12
cpe:2.3:a:sun:jre:6:update_12:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 16
cpe:2.3:a:sun:jre:5.0:update_16:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 17
cpe:2.3:a:sun:jre:5.0:update_17:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 6 Update Update 10
cpe:2.3:a:sun:jre:6:update_10:*:*:*:*:*:*
Matching versions
SUN » JRE » Version: 5.0 Update Update 19
cpe:2.3:a:sun:jre:5.0:update_19:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-2671

EPSS FAQ

6.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 90 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-2671

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2009-2671

http://secunia.com/advisories/37386

About Secunia Research | Flexera

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html

Page not found | Oracle

CVEs referencing this url
http://marc.info/?l=bugtraq&m=125787273209737&w=2

'[security bulletin] HPSBUX02476 SSRT090250 rev.1 - HP-UX Running Java, Remote Increase in Privilege,' - MARC

CVEs referencing this url
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8259
http://secunia.com/advisories/36199

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/37460

About Secunia Research | Flexera

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1

Patch

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/2543

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/52336
http://java.sun.com/javase/6/webnotes/6u15.html

CVEs referencing this url
http://www.vmware.com/security/advisories/VMSA-2009-0016.html

VMSA-2009-0016.6

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209

Page not found - Mandriva.com

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/3316

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
http://www.securityfocus.com/bid/35943

CVEs referencing this url
https://rhn.redhat.com/errata/RHSA-2009-1199.html

RHSA-2009:1199 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA09-294A.html

Oracle Updates for Multiple Vulnerabilities | CISA
US Government Resource

CVEs referencing this url
http://secunia.com/advisories/36176

About Secunia Research | Flexera

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11115
http://www.securitytracker.com/id?1022659

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2009:016 - openSUSE Security Announce - openSUSE Mailing Lists

CVEs referencing this url
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html

[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-20.b16.fc10

CVEs referencing this url
https://rhn.redhat.com/errata/RHSA-2009-1201.html

RHSA-2009:1201 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1

Patch;Vendor Advisory

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200911-02.xml

Sun JDK/JRE: Multiple vulnerabilities (GLSA 200911-02) — Gentoo security

CVEs referencing this url
http://secunia.com/advisories/36180

About Secunia Research | Flexera

CVEs referencing this url
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html

[SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-27.b16.fc11

CVEs referencing this url
http://secunia.com/advisories/36248

CVEs referencing this url
http://www.securityfocus.com/archive/1/507985/100/0/threaded

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html

[security-announce] SUSE Security Announcement: IBM Java 6 (SUSE-SA:2009:053) - openSUSE Security Announce - openSUSE Mailing Lists

CVEs referencing this url
http://secunia.com/advisories/36162

About Secunia Research | Flexera

CVEs referencing this url
https://rhn.redhat.com/errata/RHSA-2009-1200.html

RHSA-2009:1200 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://secunia.com/advisories/37300

About Secunia Research | Flexera

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2009-2671

Products affected by CVE-2009-2671

Exploit prediction scoring system (EPSS) score for CVE-2009-2671

CVSS scores for CVE-2009-2671

References for CVE-2009-2671