Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2009-2672

Published: 5 August 2009

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.

Priority

Medium

Status

Package Release Status
openjdk-6
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (6b18-1.8.2-4ubuntu1~8.04.1)
intrepid
Released (6b12-0ubuntu6.5)
jaunty
Released (6b14-1.4.1-0ubuntu11)
karmic Not vulnerable
(6b16-1.6.1-0ubuntu1)
lucid Not vulnerable
(6b16-1.6.1-0ubuntu1)
maverick Not vulnerable
(6b16-1.6.1-0ubuntu1)
upstream
Released (6b16)
sun-java5
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
gutsy Ignored
(end of life, was needs-triage)
hardy Not vulnerable
(1.5.0-22-0ubuntu0.8.04)
intrepid Ignored
(end of life, was needs-triage)
jaunty Ignored
(end of life)
karmic Does not exist

lucid Does not exist

maverick Does not exist

upstream
Released (1.5.0-20)
sun-java6
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (6.20dlj-0ubuntu1.8.04)
intrepid Ignored
(end of life, was needs-triage)
jaunty
Released (6.20dlj-0ubuntu1.9.04)
karmic
Released (6-15-1)
lucid
Released (6-15-1)
maverick Not vulnerable

upstream
Released (6.15)