CVE-2009-2672 Information

Description

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and in JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.

Reference

http://java.sun.com/j2se/1.5.0/ReleaseNotes.html150_20
http://java.sun.com/javase/6/webnotes/6u15.html
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
http://marc.info/?l=bugtraq&m=125787273209737&w=2
http://secunia.com/advisories/36176
http://secunia.com/advisories/36180
http://secunia.com/advisories/36199
http://secunia.com/advisories/36248
http://secunia.com/advisories/37300
http://secunia.com/advisories/37386
http://secunia.com/advisories/37460
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/35943
http://www.securitytracker.com/id?1022659
http://www.us-cert.gov/cas/techalerts/TA09-294A.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/2543
http://www.vupen.com/english/advisories/2009/3316
https://exchange.xforce.ibmcloud.com/vulnerabilities/52337
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7723
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9359
https://rhn.redhat.com/errata/RHSA-2009-1199.html
https://rhn.redhat.com/errata/RHSA-2009-1200.html
https://rhn.redhat.com/errata/RHSA-2009-1201.html