CVE-2009-2672
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.
Related bugs and status
CVE-2009-2672 (Candidate) is related to these bugs:
Bug #85969: Java Docs Package Won't Install
Bug | Summary | In | Importance | Status
---|---|---|---|---
85969 | Java Docs Package Won't Install | sun-java6 (Ubuntu) | Medium | Fix Released
85969 | Java Docs Package Won't Install | sun-java5 (Ubuntu) | Medium | Invalid
85969 | Java Docs Package Won't Install | j2se1.4-i586 (Ubuntu) | Wishlist | Invalid
Bug #409559: version 1.6.0_15 is available
Bug | Summary | In | Importance | Status
---|---|---|---|---
409559 | version 1.6.0_15 is available | sun-java6 (Ubuntu) | Undecided | Fix Released
409559 | version 1.6.0_15 is available | The Dell Mini Project | Undecided | Invalid
409559 | version 1.6.0_15 is available | Jaunty Jackalope Backports | Undecided | Invalid
409559 | version 1.6.0_15 is available | Intrepid Ibex Backports | Undecided | Invalid
409559 | version 1.6.0_15 is available | Hardy Backports | Undecided | Invalid
409559 | version 1.6.0_15 is available | sun-java6 (Ubuntu Hardy) | Undecided | Fix Released
409559 | version 1.6.0_15 is available | sun-java6 (Ubuntu Karmic) | Undecided | Fix Released
409559 | version 1.6.0_15 is available | sun-java6 (Ubuntu Intrepid) | Undecided | Invalid
409559 | version 1.6.0_15 is available | sun-java6 (Ubuntu Jaunty) | Undecided | Fix Released
Bug #420426: sun-java6 6b16 update for karmic, hardy and jaunty
Bug | Summary | In | Importance | Status
---|---|---|---|---
420426 | sun-java6 6b16 update for karmic, hardy and jaunty | sun-java6 (Ubuntu) | Undecided | Fix Released
420426 | sun-java6 6b16 update for karmic, hardy and jaunty | sun-java6 (Ubuntu Hardy) | Undecided | Fix Released
420426 | sun-java6 6b16 update for karmic, hardy and jaunty | sun-java6 (Ubuntu Jaunty) | Undecided | Fix Released
420426 | sun-java6 6b16 update for karmic, hardy and jaunty | sun-java6 (Ubuntu Karmic) | Undecided | Fix Released
See the CVE page on Mitre.org for more details.