// For flags

CVE-2009-2690

OpenJDK private variable information disclosure (6777487)

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application.

The codificador en Sun Java SE v6 anteriores a Update 15, y OpenJDK, permite acceso de lectura a variables privadas con nombres no especificados, permitiendo a atacantes dependientes del contexto obtener informaciĆ³n sensible mediante (1) un applet o (2) una aplicaciĆ³n no confiables.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-08-05 CVE Reserved
  • 2009-08-10 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sun
Search vendor "Sun"
 Java Se
Search vendor "Sun" for product "Java Se"
 <= 6
Search vendor "Sun" for product "Java Se" and version " <= 6"
14
Affected
Sun
Search vendor "Sun"
 Openjdk
Search vendor "Sun" for product "Openjdk"
*-
Affected