CVE-2009-2689

JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sun:java_se:*:20:*:*:*:*:*:*
cpe:2.3:a:sun:java_se:*:14:*:*:*:*:*:*
cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-08-10 18:30

Updated : 2024-02-04 17:33


NVD link : CVE-2009-2689

Mitre link : CVE-2009-2689

CVE.ORG link : CVE-2009-2689


JSON object : View

Products Affected

sun

  • openjdk
  • java_se
CWE
CWE-264

Permissions, Privileges, and Access Controls