NVD

Id
49720  
Name
CVE-2009-2475  
Description
Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673.  
Reject
 
CVSS Version
2  
CVSS Score
7.8  
Severity
High  
CVSS Base Score
7.8  
CVSS Impact Subscore
6.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:C/I:N/A:N)  
Pub Date
2017-01-07  
Published
2009-08-10  
Modified Date
2010-08-21  
Seq
2009-2475  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
251408 49720 CVE-2009-2475 http://java.sun.com/j2se/1.5.0/ReleaseNotes.html  View
251409 49720 CVE-2009-2475 http://java.sun.com/javase/6/webnotes/6u15.html  View
251410 49720 CVE-2009-2475 APPLE-SA-2009-09-03-1  View
251411 49720 CVE-2009-2475 SUSE-SR:2009:016  View
251412 49720 CVE-2009-2475 oval:org.mitre.oval:def:10221  View
251413 49720 CVE-2009-2475 GLSA-200911-02  View
251414 49720 CVE-2009-2475 http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1  View
251415 49720 CVE-2009-2475 http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1  View
251416 49720 CVE-2009-2475 MDVSA-2009:209  View
251417 49720 CVE-2009-2475 ADV-2009-2543  View
251418 49720 CVE-2009-2475 https://bugzilla.redhat.com/show_bug.cgi?id=513215  View
251419 49720 CVE-2009-2475 RHSA-2009:1199  View
251420 49720 CVE-2009-2475 RHSA-2009:1200  View
251421 49720 CVE-2009-2475 RHSA-2009:1201  View
251422 49720 CVE-2009-2475 FEDORA-2009-8329  View
251423 49720 CVE-2009-2475 FEDORA-2009-8337  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
41001 JVNDB-2009-002007 Sun Java SE および OpenJDK における重要な情報を取得される脆弱性 Sun Java SE および OpenJDK には、final キーワードなしに宣言された静的な変数の処理に不備があるため、重要な情報を取得される脆弱性が存在します。 CVE-2009-2475 39906 CVE-2009-2475 49720 7.8 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002007.html 2009-08-10 2009-09-16 View