CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2009-2689 – OpenJDK JDK13Services grants unnecessary privileges (6777448)
https://notcve.org/view.php?id=CVE-2009-2689
JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application. JDK13Services.getProviders en Sun Java SE v5.0 anteriores a Update 20 y v6 anteriores a Update 15, y en OpenJDK, proporciona privilegios completos a instancias de tipos de objeto no especificadas, permitiendo a atacantes dependientes del contexto saltar las restricciones de acceso previstas mediante (1)un applet o (2) una aplicación no confiables. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://java.sun.com/javase/6/webnotes/6u15.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://secunia.com/advisories/36162 http://secunia.com/advisories/36180 http://secunia.com/advisories/36199 http://secunia.com/advisories/37386 http://security.gentoo.org/glsa/glsa-200911-02.xml http://sunsolve.sun.com/search/do • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 2%CPEs: 138EXPL: 0CVE-2009-2676 – JRE applet launcher vulnerability
https://notcve.org/view.php?id=CVE-2009-2676
Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher. Vulnerabilidad no especificada en JNLPAppletlauncher en Sun Java SE, y SE Business, en JDK y JRE 6v Update v14 y anteriores y JDK y JRE v5.0 Update v19 y anteriores; y Java SE para Business de SDK y JRE v1.4.2_21 y anteriores, permiten a atacantes remotos crear o modificar un fichero a su elección a través de un vector relacionado con un applet Java no confiable. • http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html http://marc.info/?l=bugtraq&m=125787273209737&w=2 http://osvdb.org/56789 http://secunia.com/advisories/36176 http://secunia.com/advisories/36199 http://secunia.com/advisories/36248 http://secunia.com/advisories/37300 http://secunia.com/advisories/37386 http://secunia.com/advisories/37460 http://security.gentoo.org/glsa/glsa-2009 •