Launchpad.net

CVE 2009-2672

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.

Related bugs and status

CVE-2009-2672 (Candidate) is related to these bugs:

Bug #85969: Java Docs Package Won't Install

		In	Importance	Status
85969	Java Docs Package Won't Install	sun-java6 (Ubuntu)	Medium	Fix Released
85969	Java Docs Package Won't Install	sun-java5 (Ubuntu)	Medium	Invalid
85969	Java Docs Package Won't Install	j2se1.4-i586 (Ubuntu)	Wishlist	Invalid

Bug #409559: version 1.6.0_15 is available

		In	Importance	Status
409559	version 1.6.0_15 is available	sun-java6 (Ubuntu)	Undecided	Fix Released
409559	version 1.6.0_15 is available	The Dell Mini Project	Undecided	Invalid
409559	version 1.6.0_15 is available	Jaunty Jackalope Backports	Undecided	Invalid
409559	version 1.6.0_15 is available	Intrepid Ibex Backports	Undecided	Invalid
409559	version 1.6.0_15 is available	Hardy Backports	Undecided	Invalid
409559	version 1.6.0_15 is available	sun-java6 (Ubuntu Hardy)	Undecided	Fix Released
409559	version 1.6.0_15 is available	sun-java6 (Ubuntu Karmic)	Undecided	Fix Released
409559	version 1.6.0_15 is available	sun-java6 (Ubuntu Intrepid)	Undecided	Invalid
409559	version 1.6.0_15 is available	sun-java6 (Ubuntu Jaunty)	Undecided	Fix Released

Bug #420426: sun-java6 6b16 update for karmic, hardy and jaunty

		In	Importance	Status
420426	sun-java6 6b16 update for karmic, hardy and jaunty	sun-java6 (Ubuntu)	Undecided	Fix Released
420426	sun-java6 6b16 update for karmic, hardy and jaunty	sun-java6 (Ubuntu Hardy)	Undecided	Fix Released
420426	sun-java6 6b16 update for karmic, hardy and jaunty	sun-java6 (Ubuntu Jaunty)	Undecided	Fix Released
420426	sun-java6 6b16 update for karmic, hardy and jaunty	sun-java6 (Ubuntu Karmic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-2672

Related bugs and status

Related bugs

References