CVE-2009-2672
Published: 5 August 2009
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.
Priority
Status
Package | Release | Status |
---|---|---|
openjdk-6 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(6b18-1.8.2-4ubuntu1~8.04.1)
|
|
intrepid |
Released
(6b12-0ubuntu6.5)
|
|
jaunty |
Released
(6b14-1.4.1-0ubuntu11)
|
|
karmic |
Not vulnerable
(6b16-1.6.1-0ubuntu1)
|
|
lucid |
Not vulnerable
(6b16-1.6.1-0ubuntu1)
|
|
maverick |
Not vulnerable
(6b16-1.6.1-0ubuntu1)
|
|
upstream |
Released
(6b16)
|
|
sun-java5 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
gutsy |
Ignored
(end of life, was needs-triage)
|
|
hardy |
Not vulnerable
(1.5.0-22-0ubuntu0.8.04)
|
|
intrepid |
Ignored
(end of life, was needs-triage)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
upstream |
Released
(1.5.0-20)
|
|
sun-java6 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(6.20dlj-0ubuntu1.8.04)
|
|
intrepid |
Ignored
(end of life, was needs-triage)
|
|
jaunty |
Released
(6.20dlj-0ubuntu1.9.04)
|
|
karmic |
Released
(6-15-1)
|
|
lucid |
Released
(6-15-1)
|
|
maverick |
Not vulnerable
|
|
upstream |
Released
(6.15)
|