CVE-2009-2670

N/A Unknown
Published: August 05, 2009 Modified: April 23, 2026
View on NVD

Description

The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20
Source: cve@mitre.org
http://java.sun.com/javase/6/webnotes/6u15.html
Source: cve@mitre.org
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
Source: cve@mitre.org
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
Source: cve@mitre.org
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
Source: cve@mitre.org
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
Source: cve@mitre.org
http://marc.info/?l=bugtraq&m=125787273209737&w=2
Source: cve@mitre.org
http://osvdb.org/56788
Source: cve@mitre.org
http://secunia.com/advisories/36162
Source: cve@mitre.org
http://secunia.com/advisories/36176
Source: cve@mitre.org
http://secunia.com/advisories/36180
Source: cve@mitre.org
http://secunia.com/advisories/36199
Source: cve@mitre.org
http://secunia.com/advisories/36248
Source: cve@mitre.org
http://secunia.com/advisories/37300
Source: cve@mitre.org
http://secunia.com/advisories/37386
Source: cve@mitre.org
http://secunia.com/advisories/37460
Source: cve@mitre.org
http://security.gentoo.org/glsa/glsa-200911-02.xml
Source: cve@mitre.org
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
Source: cve@mitre.org
Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263408-1
Source: cve@mitre.org
Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
Source: cve@mitre.org
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
Source: cve@mitre.org
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Source: cve@mitre.org
http://www.securityfocus.com/bid/35939
Source: cve@mitre.org
http://www.securitytracker.com/id?1022658
Source: cve@mitre.org
http://www.us-cert.gov/cas/techalerts/TA09-294A.html
Source: cve@mitre.org
US Government Resource
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2009/2543
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2009/3316
Source: cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/52306
Source: cve@mitre.org
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11326
Source: cve@mitre.org
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8022
Source: cve@mitre.org
https://rhn.redhat.com/errata/RHSA-2009-1199.html
Source: cve@mitre.org
https://rhn.redhat.com/errata/RHSA-2009-1200.html
Source: cve@mitre.org
https://rhn.redhat.com/errata/RHSA-2009-1201.html
Source: cve@mitre.org
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
Source: cve@mitre.org
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
Source: cve@mitre.org
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20
Source: af854a3a-2127-422b-91ae-364da2661108
http://java.sun.com/javase/6/webnotes/6u15.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://marc.info/?l=bugtraq&m=125787273209737&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
http://osvdb.org/56788
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/36162
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/36176
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/36180
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/36199
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/36248
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/37300
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/37386
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/37460
Source: af854a3a-2127-422b-91ae-364da2661108
http://security.gentoo.org/glsa/glsa-200911-02.xml
Source: af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263408-1
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/35939
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1022658
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.us-cert.gov/cas/techalerts/TA09-294A.html
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2009/2543
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2009/3316
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/52306
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11326
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8022
Source: af854a3a-2127-422b-91ae-364da2661108
https://rhn.redhat.com/errata/RHSA-2009-1199.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://rhn.redhat.com/errata/RHSA-2009-1200.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://rhn.redhat.com/errata/RHSA-2009-1201.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
Source: af854a3a-2127-422b-91ae-364da2661108

72 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
3.6%
88th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

sun

Related CVEs

CVE-2026-6786 8.1
CVE-2026-6785 8.1
CVE-2026-7041 3.7
CVE-2026-7039 7.8
CVE-2026-7038 3.3