CVE-2009-2689 — Vulnetix

CVE-2009-2689 PUBLISHED CVSS 10 CRITICAL

JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application.

EPSS 7.51% · 91.9th percentile

Risk Scores

CVSS 2.0

EPSS Score

7.51%

91.9th percentile

Affected Products

Vendor	Product	Versions
sun	openjdk
n/a	n/a	n/a
sun	java_se	0, 0

Exploit Intelligence

RHSA-2009:1199 (circl)
36162 (circl)
ADV-2009-2543 (circl)
oval:org.mitre.oval:def:9603 (circl)
GLSA-200911-02 (circl)
36199 (circl)
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1 (circl)
MDVSA-2009:209 (circl)
FEDORA-2009-8329 (circl)
http://java.sun.com/javase/6/webnotes/6u15.html (circl)

…and 9 more exploits

Timeline

Aug 10, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 3, 2023 EPSS Score
Jul 17, 2023 EPSS Score
Sep 8, 2023 EPSS Score

References

RHSA-2009:1199 vendor-advisory
36162 third-party-advisory
ADV-2009-2543 vdb
oval:org.mitre.oval:def:9603 vdb
GLSA-200911-02 vendor-advisory
36199 third-party-advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1 url
MDVSA-2009:209 vendor-advisory
FEDORA-2009-8329 vendor-advisory
http://java.sun.com/javase/6/webnotes/6u15.html url
36180 third-party-advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1 url
FEDORA-2009-8337 vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=513222 url
SUSE-SR:2009:016 vendor-advisory
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html url
APPLE-SA-2009-09-03-1 vendor-advisory
RHSA-2009:1201 vendor-advisory
37386 third-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2009-2689 advisory

Open in Interactive Console →